
Cybercriminals Spread Trojan Through Fake ChatGPT App

Cybercriminals are using a fake ChatGPT app to spread the PipeMagic Trojan, warns Kaspersky’s Global Research and Analysis Team (GReAT). The Trojan, initially targeting organizations in Asia, is now attacking entities in Saudi Arabia.

The malicious software, first detected by Kaspersky in 2022, has evolved significantly. While initially targeting entities in Asia, the PipeMagic Trojan is now being deployed through a fake ChatGPT app written in the Rust programming language. Once installed, the Trojan acts as a backdoor, giving attackers full control of the system and allowing them to extract sensitive data.

How the Fake ChatGPT Works

Although it appears to be a legitimate tool, the fake ChatGPT app is designed to deceive users. It contains libraries commonly used in Rust-based programs, making it harder for security tools to detect. When users open the app, they are presented with a blank screen, while in the background, the malware begins its attack by hiding an encrypted payload.

In its second phase, the malware manipulates Windows API functions, gaining deeper access to the system. It then loads the PipeMagic backdoor, allowing the attackers to remotely control the infected device.

One unique feature of the PipeMagic Trojan is its use of a “named pipe” for communication. A named pipe is a mechanism that lets different parts of a computer system exchange information. The Trojan generates a 16-byte random array to create a specific named pipe, through which it receives encoded commands from a control server hosted on Microsoft Azure.
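
For defenders, the named-pipe behaviour described above can be hunted in pipe telemetry. The following is an added example, not code from Kaspersky or the original article: it triages constructed Sysmon-style pipe events (Event ID 17 pipe created, 18 pipe connected) for pipe names containing a run of exactly 32 hex characters. That the 16 random bytes appear hex-encoded in the pipe name, the log line layout, and the user-profile path heuristic are all assumptions.

```python
import re

# Constructed sample events for illustration only; not real telemetry or IoCs.
SAMPLE_EVENTS = [
    r"EventID=17 Image=C:\Users\dana\Downloads\chatgpt.exe PipeName=\9f3c1ab27d5e4f60b8a1c2d3e4f50617",
    r"EventID=17 Image=C:\Program Files\Google\Chrome\Application\chrome.exe PipeName=\mojo.4312.5520.1187364500",
    r"EventID=17 Image=C:\Windows\System32\svchost.exe PipeName=\wkssvc",
    r"EventID=18 Image=C:\Users\dana\AppData\Local\Temp\upd.exe PipeName=\svc.00ff19a2b3c4d5e6f708192a3b4c5d6e",
    r"EventID=17 Image=C:\Users\dana\AppData\Local\app\tool.exe PipeName=\cache-deadbeef",
]

# Assumed line layout: EventID=<n> Image=<path, may contain spaces> PipeName=<name>
EVENT = re.compile(r"EventID=(?P<id>\d+) Image=(?P<image>.+?) PipeName=(?P<pipe>\S+)$")
# Exactly 32 hex characters (16 bytes), not part of a longer hex run.
HEX16 = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])", re.I)


def parse_event(line):
    """Return a dict for pipe-created/connected events, else None."""
    m = EVENT.match(line.strip())
    if not m or m["id"] not in ("17", "18"):
        return None
    return {"event_id": int(m["id"]), "image": m["image"], "pipe": m["pipe"]}


def random_pipe_token(pipe_name):
    """Return the 32-hex-character token in a pipe name, or None."""
    m = HEX16.search(pipe_name)
    return m.group(0).lower() if m else None


def triage(lines):
    """Flag events whose pipe name carries a 16-byte hex token."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        token = random_pipe_token(event["pipe"])
        if token is None:
            continue
        # Heuristic (assumption): binaries run from a user profile rank higher.
        from_profile = "\\users\\" in event["image"].lower()
        findings.append({**event, "token": token,
                         "priority": "high" if from_profile else "review"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["priority"], finding["image"], finding["pipe"])
```

Legitimate software also creates pipes with random-looking names, so hits from this heuristic are leads for review rather than verdicts.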

According to Sergey Lozhkin, Principal Security Researcher at Kaspersky, cybercriminals are evolving their strategies to target more prolific victims. With the PipeMagic Trojan now expanding its reach from Asia to Saudi Arabia, more attacks are expected. Given its advanced capabilities, PipeMagic poses a serious threat to organizations worldwide.

How to Protect Against PipeMagic

To mitigate this growing threat, Kaspersky advises both organizations and individuals to exercise caution when downloading software. It’s crucial to only download apps from official platforms to reduce the risk of accidentally installing malicious software. Additionally, Kaspersky recommends keeping cybersecurity teams updated with threat intelligence, training staff to recognize phishing attacks, and investing in advanced security tools like Endpoint Detection and Response (EDR) solutions.

What You Should Know About PipeMagic and ChatGPT

The PipeMagic Trojan belongs to a broader category of malware known as Trojans, which disguise themselves as legitimate software. Once activated, they can steal data, spy on users, or provide remote access to attackers, as seen in this case.

On the other hand, ChatGPT, developed by OpenAI, is a conversational AI tool that has gained widespread use for generating human-like text. Unfortunately, its popularity has also made it a target for scammers. By mimicking ChatGPT, cybercriminals trick users into downloading fake apps that steal sensitive information.
