Global cybersecurity firm Sophos has discovered numerous fake apps, disguised as ChatGPT-based chatbots, that siphon hundreds of dollars from users. In its latest report, the company said such malicious apps have surfaced in Google Play and Apple’s App Store.
According to the report, the free versions, which have zero functionality and constant ads, lure users into signing up for a subscription that can cost them hundreds of dollars a year.
Sophos has dubbed such apps ‘fleeceware’: apps that target users with advertisements until they sign up for a subscription. They bank on unsuspecting users not paying attention to the cost. Fleeceware apps are designed so that they are not of much use once the free trial ends. Users therefore delete them without realising that they are still locked into a monthly or weekly payment.
The cybersecurity firm’s X-Ops team probed five of these fleeceware apps, which were allegedly based on the OpenAI chatbot’s algorithm. In some cases, the fleeceware developers named the app ‘Chat GBT’ to improve its ranking on the app stores. OpenAI offers ChatGPT free of cost to online users, but these apps charge between $10 and $70 a year. The iOS version of ‘Chat GBT’ costs $6 a week.
According to the report, another app called Genie encouraged users to sign up for a $70 annual subscription. Sophos said that the apps overcharge users for functions that are free elsewhere and use coercive techniques to lure them into signing up for a subscription. These malicious apps usually offer a free trial, but users are pushed to subscribe after becoming fed up with constant ads and restrictions.
These apps inflate their ratings on app stores through fake reviews and by persistently asking users to rate them.
Sean Gallagher, principal threat researcher at Sophos, said in a statement that the apps are designed to stay on the edge of what is allowed by Google and Apple in terms of service. Since they don’t violate the security or privacy rules, they are hardly ever rejected during reviews.
After being reported, some of the fleeceware apps mentioned in the report have been taken down, while others continue to pop up. Gallagher called for users to be aware that such apps exist and advised them to read carefully before hitting the subscribe button.