Fake ChatGPT apps trick users into paying for expensive subscriptions

Cybercriminals are taking advantage of the skyrocketing popularity of AI tools like ChatGPT, and are now distributing malware for Android and Windows OS through fake AI apps. In fact, people who use a smartphone to try to access OpenAI's ChatGPT might end up losing their hard-earned cash.

In its new report, cybersecurity firm Sophos revealed that some developers have created fake ChatGPT apps that trick users into paying for subscriptions. As part of their investigation, the company's security researchers analysed five ChatGPT apps available on the Google Play Store and App Store.

According to Sophos, users should avoid installing them on their devices because they are fleeceware. To those unaware, fleeceware is a type of mobile app that contains hidden, expensive subscriptions. Apparently, they keep bombarding users with ads until they sign up for a subscription.

Users do not usually have to pay to install these apps, but Sophos says the free versions "have near-zero functionality and constant ads." So, users have to sign up for a subscription to access more features. The developers may charge anywhere from $10 (about £8) per month to $70 (about £56) a year for these subscriptions.

For instance, Ask AI Assistant, which is an iOS version of ChatGPT, charges $6 (about £4) a week. Likewise, users can pay $312 (about £251) for the year once its free three-day trial is up. In March, Ask AI Assistant brought in $10,000 (about £8,066) for its developers. Data from SensorTower suggests Genie, which is another fleeceware-like app, brought in a whopping $1 million over the past month.

Fleeceware apps vs malicious apps: Which are more dangerous?

To recap, fleeceware was first spotted by Sophos on the Play Store in 2019. The fleeceware developers ensure these apps "stay on the edge of what's allowed by Google and Apple in terms of service." Unlike fleeceware apps, malicious apps are designed to infect Android devices with malware. So, the FBI recently warned against using public phone-charging stations as they can be used to infect your phone with malware.

Fleeceware, on the other hand, could cost you a lot of money if you aren't cautious. These apps charge for features and functionalities that many apps offer for free. Moreover, app developers use coercive tactics and social engineering to urge users to sign up for recurring subscriptions. However, the paid version barely offers anything new.

The fleeceware developers also use fake reviews to increase the ratings of the apps in app stores. Also, they keep requesting users to rate them. This helps the developers acquire a better position on the app store.

Apps you need to delete right now

The folks at Tom's Guide have curated a list of fleeceware apps that pose as legitimate AI chatbots or ChatGPT apps on the App Store and Play Store. The report encourages users to delete these apps immediately unless they want to end up paying for a subscription to avail of features that other apps offer for free.

• AI Chatbot - Open Chat Writer
• Genie - AI Chatbot
• AI Chat - Chatbot AI Assistant
• AI Chat GBT - Open Chatbot App
• AI Chatbot - Ask AI Assistant
• Open Chat GBT - AI Chatbot App

Notably, Sophos has reported some of the aforesaid apps to Apple and Google. A considerable number of these apps have since been removed from the app stores. Aside from avoiding installing such apps on your phone, there are several simple ways to protect your privacy when using AI tools like ChatGPT.

Also, you can sign up for OpenAI's ChatGPT Plus if you are willing to pay $20 (about £16) a month. Alternatively, you can access OpenAI's chatbot through Bing Chat. Microsoft has teamed up with OpenAI to bring ChatGPT to its widely popular search engine.