Fake ChatGPT download links can compromise your PC's safety

Reading time icon 4 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Key notes

  • ChatGPT is more than popular but you have to be careful where you download it from.
  • An alarming number of fake download links for ChatGPT have surfaced on the web.
  • Many of these links seem to lead to official download sources but it's not the case at all.
malware

No doubt you’ve already heard talk about Microsoft’s new initiative to integrate ChatGPT with Bing, since this is all everyone talks about lately.

Once Microsoft released the new AI-powered Bing, and how it plans to include ChatGPT into the service, Google also started talking about BARD, its own version of the same service.

If you want to compare the two and find out which is best suited for your needs, all you have to do is check our dedicated article.

That being said, we advise you to be cautious about where you get your chatbot from because hackers have already started capitalizing on people not downloading from official sources.

Thus, there are a lot of fake ChatGPT apps out there that help them push both Windows and Android malware.

Look out for fake ChatGPT download links

We know that the idea of having a chatbot-like software deliver all the answers you need in the most humanly manner possible sounds appealing, but there’s a downside to it.

In fact, a lot of threat actors are exploiting the popularity of OpenAI’s ChatGPT chatbot in order to distribute malware for Windows and direct unsuspecting users to phishing pages.

OpenAI’s ChatGPT was already very popular, but after Microsoft announced the move, malicious third parties started taking advantage of the tool’s popularity by promising uninterrupted and free-of-charge access to premium ChatGPT.

Needless to say, these offers are false and the goal is to lure users into installing malware or providing account credentials.

Among the first people to notice the lurking threat was security researcher Dominic Alvieri, when he stumbled upon a domain called chat-gpt-pc.online.

This was used to efficiently infect visitors with the Redline info-stealing malware under the guise of a download for a ChatGPT Windows desktop client.

In order to make it even more credible, the above-mentioned website was promoted by a Facebook page that used official ChatGPT logos to trick users into getting redirected to the malicious site.

There are also a lot of fake ChatGPT apps being promoted on Google Play and third-party Android app stores, to push shady software onto people’s devices.

These sources might seem official to you, thus encouraging you to click and download, but the consequences can actually be disastrous.

Another post found on a social media page also discusses Jukebox, an AI-based tool created by OpenAI that enhances music and audio creation.

However, this post also features a link that leads to another malicious domain, hxxps://chat-gpt-pc.online, where your information is stolen and used against you.

According to researchers from Cyble, these shady domains ultimately lead to a counterfeit OpenAI website that appears to be the genuine official website.

Of course, this fake website presents users with a DOWNLOAD FOR WINDOWS button, which, when clicked, downloads potentially harmful executable files.

Furthermore, chat-gpt-pc[.]online also delivered the Lumma stealer in Cyble’s tests, while another domain, openai-pc-pro[.]online, drops an unknown malware family.

The above-mentioned security researchers discovered a credit card stealing page at pay.chatgptftw.com that supposedly offers visitors a payment portal to purchase ChatGPT Plus.

Phishing site stealing credit card details

Two of the examples given are chatGPT1, which is an SMS billing fraud app, and AI Photo, which contains the Spynote malware, which can steal call logs, contact lists, SMS, and files from the device.

Please keep in mind that ChatGPT is exclusively an online-based tool available only at chat.openai.com and does not offer any mobile or desktop apps for any operating systems at the moment.

Note that any other apps or sites claiming to be ChatGPT are fakes attempting to scam or infect with malware and should be considered at least suspicious and users should avoid them.

People were already concerned about ChatGPT’s Bing integration since Microsoft will get all this information but give nothing back to the sites it takes it from.

Also, remember that ChatGPT will also get some customization options in the near future. And, speaking of ChatGPT and Bing, know that Edge’s new VPN service has made it to the Stable Channel.

More about the topics: ChatGPT