
Scammers Using ChatGPT “Fleeceware” Apps to Cash In on AI Hype, Sophos Report

Credit: Sophos

Online scammers are tricking users into signing up for free, bogus trial applications impersonating legitimate, ChatGPT-based chatbots to fleece buyers of thousands of dollars, a new report by Sophos said.

The fake apps, which are being sold on Apple’s App Store and Google Play, have minimal functionality and barrage users with ads. They entice users to sign up for subscriptions that can cost hundreds of dollars a year, Sophos reports.

Sophos examined five apps that it describes as ChatGPT "fleeceware," which it says falsely claim to be based on the ChatGPT algorithm and charge from $10 per month to upwards of $70 a year for a subscription.

In one instance, ChatGPT was changed to “Chat GBT” to improve the app's standing in both the Apple App Store and Google Play. The iOS version of “Chat GBT,” called "Ask AI Assistant," charges $6 a week (or $312 a year) after the three-day free trial. It scored the developers $10,000 in March, Sophos said. Another fleeceware-like app, called Genie, brought in $1 million over the past month.

How to Spot the Scam

Here’s what to watch out for:

  • Fleeceware apps overcharge users for functionality that is already free elsewhere.
  • The scammers use social engineering and coercive tactics to convince users to sign up for a recurring subscription payment.
  • Usually, the apps offer a free trial, but with so many ads and restrictions, they’re barely usable until a subscription is paid.
  • These apps are often poorly written and implemented, meaning app function is often less than ideal even after users switch to the paid version.
  • The apps inflate their ratings in app stores through fake reviews and persistent requests that users rate the app before it has even been used or before the free trial ends.

How to Avoid Fleeceware Apps

The apps are written specifically not to flout Apple's and Google's policies and to pass review. The cyber protector said that it has reported its research findings on the fleeceware apps to Apple and Google. Users who have already downloaded these apps should follow the App Store's or Google Play's guidelines on how to “unsubscribe.” Simply deleting the fleeceware app will not void the subscription, Sophos said.

Sean Gallagher, Sophos' principal threat researcher, explained that with interest in AI and chatbots particularly high, users want the latest apps that resemble ChatGPT:

“ are banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.