Sophos Reveals a Network of Counterfeit ChatGPT Apps Defrauding Users

Sophos, a cybersecurity company, has identified a cluster of applications that pose as legitimate chatbots powered by ChatGPT. The apps are designed to overcharge users, and they generate monthly profits amounting to thousands of dollars.


In a report titled "FleeceGPT Mobile Apps Target AI-Curious to Rake in Cash," recently published by Sophos X-Ops, the cybersecurity firm describes the discovery. The fraudulent applications have made their way into both the Google Play Store and the Apple App Store. Their free versions provide almost no functionality while bombarding users with advertisements. This coercive tactic pushes users to subscribe to a costly yearly plan, often amounting to hundreds of dollars.


Exploiting the Popularity of the ChatGPT Algorithm

During their investigation, Sophos X-Ops meticulously examined five of these fleeceware apps, all of which purported to be built upon the acclaimed ChatGPT algorithm. In certain instances, such as with the app "Chat GBT," the developers exploited the name recognition of ChatGPT to boost their app's visibility and ranking within the Google Play Store or the App Store.


Sean Gallagher, the principal threat researcher at Sophos, said of the company's discoveries:

“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT.”


“These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment.”


Profitable Subscription Plans

In addition, he mentioned that while OpenAI provides the basic functionality of ChatGPT to users online for free, the fraudulent applications were charging users anywhere from $10 per month to $70 per year.


"For instance, the iOS version of 'Chat GBT,' known as Ask AI Assistant, imposes a fee of $6 per week or $312 per year after a three-day free trial. In March alone, the developers earned $10,000 from this scheme. Another app resembling fleeceware, named Genie, entices users to subscribe for $7 per week or $70 per year, and it generated $1 million in revenue over the past month," he further explained.



The Distinctive Traits of Fleeceware Apps

Fleeceware apps, first brought to light by Sophos in 2019, are defined by unjustifiably overcharging users for functionality that is readily available for free elsewhere. These apps also use social engineering and coercive tactics to manipulate users into subscribing to recurring payment plans.


Typically, these apps entice users with a free trial period, but so many advertisements and limitations are imposed that the apps are scarcely functional until a subscription is purchased. The apps are also often poorly developed and implemented, so performance remains poor even after users move to the paid version.


These apps also artificially inflate their ratings within the app stores. They do this through fabricated reviews and persistent requests for users to rate the app, sometimes before it has been fully used or before the free trial period has ended.



Gallagher pointed out that fleeceware applications are deliberately crafted to operate within the limits of Google's and Apple's terms of service, and they do not openly violate security or privacy regulations. As a result, these apps are rarely rejected during the app stores' review process.

 “While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up. While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up—and it’s likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” he said.


Guidelines for Unsubscribing from Fleeceware Apps

He recommended that users who have already installed the apps follow the guidelines provided by the App Store or Google Play Store on how to "unsubscribe." He also emphasized that merely deleting the fleeceware app will not cancel the subscription.
