Unscrupulous developers are taking advantage of the AI chatbot craze to trick people out of their hard-earned money, and it’s working.
Cybersecurity researchers from Sophos have analyzed Google’s and Apple’s mobile app stores and found multiple fake ChatGPT apps which, through dubious practices, forced users into subscribing to a service.
One such developer “earned” more than a million dollars in one month, alone.
While the apps aren’t particularly damaging or malware in the sense that they’ll destroy the device or steal information, they will try and get the victims to pay. The apps claim to offer the functionality of ChatGPT (which is basically an AI-powered chatbot) and offer a free trial (or a free model with ads), and a paid subscription model. The free/ads model is either heavily limited (available for three days, for example) or comes with so many ad popups and distractions that it’s simply unusable.
The paid model ranges from $10 a month to $300+ a year. So far, some developers earned $10,000 in March. Others raked in more than a million in the same timeframe.
The worst part is that ChatGPT is free to use and can be accessed via this link. The apps, on the other hand, are often poorly written and implemented even worse, which means the apps sometimes don’t even function as intended, regardless of if the user paid for the premium version or not.
According to Sophos’ researchers, the trick is to get people to subscribe to the service, and then forget they subscribed, or think they can unsubscribe by simply uninstalling the app. Faking app reviews and comments, as well as inflating download numbers, is also part of the deception.
So far, Sophos found five such apps, both on the Play Store and the App Store, and reported them to their respective owners. Users who already downloaded such apps should follow their vendors’ guidelines on how to subscribe, as simply deleting the app will not cancel the subscription.
“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception,” said Sean Gallagher, principal threat researcher, Sophos.
“With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT. These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment.”