As the popularity of AI chatbots continues to rise, unscrupulous developers are capitalizing on the trend to deceive unsuspecting users and extract money from them. Cybersecurity researchers from Sophos have recently conducted an analysis of Google’s and Apple’s mobile app stores, uncovering several fraudulent ChatGPT apps that employ dubious tactics to coerce users into subscribing to a service.
The researchers discovered that one particular developer managed to accumulate over a million dollars in just one month through these deceptive practices. While the fake apps themselves may not be inherently damaging or contain malware that compromises devices or steals personal information, they employ manipulative tactics to convince victims to make payments.
These fraudulent apps claim to offer the functionalities of ChatGPT, an AI-powered chatbot, and present users with options for a free trial or a free version supported by ads, alongside a paid subscription model. However, the free or ad-supported version is severely restricted, often limited to a few days of usage, or inundated with excessive ad popups and distractions, rendering it practically unusable.
The premium subscription models range from $10 per month to over $300 per year. Shockingly, some developers managed to amass $10,000 in a single month, while others surpassed the million-dollar mark within the same timeframe.
What makes this scam particularly insidious is that ChatGPT itself is available for free. In contrast, the fake apps, often poorly developed and inadequately implemented, frequently fail to function as intended, regardless of whether the user has paid for the premium version or not.
According to Sophos researchers, the scammers’ strategy revolves around getting people to subscribe to the service and then either forget they have subscribed or believe that uninstalling the app will automatically cancel the subscription. To add to the deception, these fraudulent apps fabricate reviews and comments and inflate download numbers to appear more legitimate.
So far, Sophos has identified five such apps on both the Google Play Store and the Apple App Store and has reported them to the respective platform owners. Users who have already downloaded these apps are advised to follow the guidelines provided by their vendors on how to cancel subscriptions, as merely deleting the app will not suffice.
“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception,” warns Sean Gallagher, Principal Threat Researcher at Sophos. He emphasizes that these types of scam apps, dubbed ‘fleeceware’ by Sophos, employ aggressive advertising tactics until users succumb to subscription sign-ups. The scammers rely on users paying little attention to the cost or forgetting about the subscription altogether. Furthermore, these apps are designed to have limited functionality after the free trial period, causing users to delete the app without realizing they are still obligated to make monthly or weekly payments.
As interest in AI and chatbots continues to surge, users are urged to exercise caution when downloading apps resembling ChatGPT. It is crucial to remain vigilant and informed, carefully scrutinizing subscription details and app reviews to avoid falling victim to these deceptive practices.
