Any major global trend or event, from the coronavirus pandemic to the cryptocurrency craze, will be used as fodder for phishing attacks and other online scams. In recent months it has become clear that the same thing will happen to large language models and generative AI. Today, researchers from security firm Sophos warn that the latest incarnation of this is emerging in Google Play and Apple’s App Store, where rogue apps pretend to give access to OpenAI’s ChatGPT chatbot service through free trials that eventually start charging subscription fees.
There are paid versions of OpenAI’s GPT and ChatGPT for casual users and developers, but anyone can try out the AI chatbot for free on the company’s website. Scam apps take advantage of people who have heard about this new technology, and perhaps of the frenzy among people clamoring to use it, but who don’t have much additional context for how to try it themselves. Researchers first learned about the scam apps after seeing advertisements for them in news apps and on social networks, but users may also encounter them by searching Google Play and the App Store.
“I’ve seen multiple ads for these types of apps on social media platforms where the advertising is cheap, and sometimes they use tactics like spelling mistakes in the name – calling the app ‘Chat GBT’ or something else – to screen out people who might be a little smarter,” says Sean Gallagher, a senior threat researcher at Sophos. “They’re trying to weed out people who are going to take the free trial and then cancel it because it’s crap. They want people who aren’t focused enough on figuring out how to opt out.”
These scams are known as fleeceware. The apps, which lock victims into paying a recurring weekly or monthly fee, are difficult to stamp out because they usually don’t exhibit the technically invasive and malicious behaviors that get more obvious malware booted from the stores. Researchers note that when scammers submit their apps to Apple and Google for review, they may not include all details about subscription pricing and when users must pay to continue receiving functionality. Later, they can revise those claims without changing anything about how the app is designed.
Google and Apple provide mechanisms for developers to offer in-app purchases, both one-time fees and recurring fees. These companies take a cut every time apps in their app stores collect payments from users.
In the case of the Android app Open Chat GBT, users could download the app for free but soon encountered massive amounts of ads and could only try the chatbot three times before losing access to its functionality and receiving a subscription prompt. By default, users can sign up for a free three-day trial to continue using the app, which then converts to a $10 monthly subscription. Open Chat GBT also offered a $30 annual subscription. Researchers found a very similar app with a different name from the same developer for iOS in the App Store.
Sophos researchers noted that Apple and Google removed some of the fake AI chatbot applications they were researching before they were revealed. However, there were others that remained available after researchers reported them to Google and Apple. Both companies acknowledged receiving the reports, and Google removed another. Google and Apple did not immediately respond to requests for comment on the findings.
Researchers say they suspect some apps use OpenAI’s ChatGPT 3 API to create content for users while others use low-quality chatbot functionality. Instead of limiting the user to a small number of queries, some apps truncate the responses and give users only a snippet until they sign up.
Gallagher says one of the biggest problems with fleeceware is that users don’t always know how to manage their subscriptions and don’t realize that even when they delete the app, their recurring payments to the service will continue.
“We define fleeceware as something that charges an extraordinary amount of money for a feature that is freely available or at very low cost elsewhere,” he says. “And it works, because even I wonder sometimes, ‘Why am I charging Apple that much every month?’ And it’s like, ‘Well, there’s shared family storage, there’s AppleCare for my phone, and there’s Duolingo.’ You have to be very careful — you have to actively manage application subscriptions.”