Cybersecurity provider warns against fake ChatGPT apps stealing users money

Cybersecurity provider reminds users to be careful of apps pretending to be ChatGPT.

File photo: iOS ChatGPT

Fighting "FleeceGPT"

In a report, Sophos provided details about these multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users and bring in thousands of dollars a month.

In the report "FleeceGPT' Mobile Apps Target AI-Curious to Rake in Cash," Sophos said these apps are seen in both the Google Play and Apple App Store. Since the free versions have near-zero functionality and constant ads, they lead users into signing up for a subscription that can cost hundreds of dollars a year, the company added.

Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT, said Sean Gallagher, principal threat researcher of Sophos.

These types of scam apps—what Sophos has dubbed 'fleeceware'—often bombard users with ads until they sign up for a subscription. They're banking on the fact that users won't pay attention to the cost or simply forget that they have this subscription. They're specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment, he added.

Sophos first discovered fleeceware apps in 2019.

They usually overcharge users for features that are already free elsewhere, as well as use social engineering and coercive tactics to convince users to sign up for a recurring subscription payment.

Usually, these apps offer a free trial but with so many ads and restrictions, they're barely useable until you pay for a subscription. These apps are also often poorly written and implemented, meaning app function is often less than ideal even after users switch to the paid version.

They also manipulate their ratings in the app stores through fake reviews and persistent requests of users to rate the app before the free trial ends.

Fleeceware apps are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service, and they don't flout the security or privacy rules, so they are hardly ever rejected by these stores during review. While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up, Gallagher said.

Sophos X-Ops investigated a total of five ChatGPT fleeceware apps, all of which claimed to be based on ChatGPT's algorithm.

In some cases, as with the app "Chat GBT," the developers played off the ChatGPT name to improve their promote their app on Google Play or App Store.

While OpenAI offers the basic functionality of ChatGPT to users for free online, these apps were charging anything from $10 a month to $70.00 a year. The iOS version of 'Chat GBT,' called Ask AI Assistant, charges $6 a week—or $312 a year—after the three-day free trial; it netted the developers $10,000 in March alone, Sophos said.

Another app is called Genie which encourages users to sign up for a USD 7 weekly or USD 70 annual subscription.

All apps included in the report have been reported to Apple and Google. For users who have already downloaded these apps, they should follow the proper steps to unsubscribing.

Simply deleting the fleeceware app will not void the subscription.

While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up—and it's likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting 'subscribe.' Users can also report apps to Apple and Google if they think the developers are using unethical means to profit, Gallagher emphasized.

What do you think about this?