Concise Cyber

Spyware-Infected ChatGPT and WhatsApp Clones Target US Android Users

Cybersecurity researchers from Cyble Research & Intelligence Labs (CRIL) have identified a new spyware campaign specifically targeting Android users in the United States. The campaign distributes malicious applications disguised as popular tools, including ChatGPT, DALL·E, and a modified version of WhatsApp.

The goal of the campaign is to deceive users into installing spyware that steals a wide range of sensitive personal information directly from their devices. These malicious apps are designed to look and feel like the legitimate applications they impersonate, using official logos and branding to gain the user’s trust.

Distribution via Phishing Websites

The primary method for distributing this spyware is through sophisticated phishing websites. These sites are crafted to mimic the official download pages for OpenAI’s ChatGPT and DALL·E, as well as a popular modified WhatsApp client known as WhatsApp Plus. Users are lured to these pages and tricked into downloading and installing malicious APK files instead of the legitimate software.

Upon installation, the counterfeit apps request a series of intrusive permissions. The fake ChatGPT application, for example, leverages the official OpenAI logo to appear authentic while hiding its data-stealing functionality. The campaign’s use of multiple high-demand applications indicates a broad strategy to ensnare a large number of victims.

Spyware Capabilities and Data Theft

Once installed on a victim’s device, the spyware begins to exfiltrate data to a command-and-control (C2) server operated by the attackers. The malware is equipped to perform extensive surveillance and data theft. Based on the permissions it gains, the spyware is capable of stealing contact lists, SMS messages, call logs, and various files stored on the device.

Furthermore, the spyware can activate the device’s microphone to record audio and use the camera to capture pictures without the user’s knowledge. This comprehensive access allows the attackers to collect a detailed profile of the victim’s personal and professional life. All stolen information is then transmitted back to the C2 server for collection by the threat actors.
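For defenders triaging a sideloaded APK, the capability list above translates into a manifest check. The following is an added example, not code from CRIL or the original report: it reads a decoded (text) AndroidManifest.xml, for instance one produced by apktool, and flags apps that combine network access with surveillance-grade permissions the claimed app would not need. The permission-to-capability mapping, the `expected` parameter, the threshold and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: standard Android permissions that would grant each capability the article lists.
CAPABILITIES = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_logs": {"android.permission.READ_CALL_LOG"},
    "files": {"android.permission.READ_EXTERNAL_STORAGE",
              "android.permission.MANAGE_EXTERNAL_STORAGE"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "camera": {"android.permission.CAMERA"},
}

def requested_permissions(manifest_xml):
    """Collect permission names from a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def triage(manifest_xml, expected=frozenset(), threshold=2):
    """Flag apps that can reach the network and hold surveillance-grade
    permissions beyond what the app they claim to be would need."""
    perms = requested_permissions(manifest_xml)
    held = {cap for cap, wanted in CAPABILITIES.items() if perms & wanted}
    unexpected = sorted(held - set(expected))
    network = "android.permission.INTERNET" in perms
    return {"unexpected": unexpected, "network": network,
            "suspicious": network and len(unexpected) >= threshold}

def _manifest(package, perms):
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples, not taken from the campaign's APKs.
CHATBOT_LOOKALIKE = _manifest("com.example.chatbot", [
    "INTERNET", "READ_CONTACTS", "READ_SMS", "READ_CALL_LOG",
    "READ_EXTERNAL_STORAGE", "RECORD_AUDIO", "CAMERA"])
PLAIN_CHATBOT = _manifest("com.example.webchat", ["INTERNET", "RECORD_AUDIO"])

if __name__ == "__main__":
    for label, m in (("lookalike", CHATBOT_LOOKALIKE), ("plain", PLAIN_CHATBOT)):
        print(label, triage(m, expected={"microphone"}))
```

A permission set alone is not proof of spyware, since a genuine messenger requests many of the same permissions; the signal is the gap between what the app claims to be and what it asks for.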

Source: https://hackread.com/spyware-chatgpt-dalle-whatsapp-apps-us-users/