OpenAI's ChatGPT chatbot has been a phenomenon, taking the internet by storm.
Whether it is composing poetry, writing essays for college students, or finding bugs in computer code, it has impressed millions of people and proven itself to be the most accessible form of artificial intelligence ever seen.
Yes, there are plenty of fears about how the technology could be used and abused, questions to be answered about its ethical use and how regulators might police its use, and worries that some may not realise that ChatGPT is not as smart as it initially appears.
But no-one can deny that it has generated a huge amount of interest from the general public.
And what might Joe Public want to do first when they hear about ChatGPT? Why, give it a try of course!
And that's where things can go badly wrong, because - as security researcher Dominic Alvieri has warned - malicious hackers are taking advantage of people searching the internet for ChatGPT to direct them to malware and phishing sites.
Cybercriminals are using the promise of free-of-charge access to premium ChatGPT as a lure, tricking users into downloading malware or enter their passwords.
Some of the malicious ChatGPT clones have managed to make it as far as the official Google Play Store, as well as third-party app stores.
Meanwhile, researchers at Cyble report that a bogus Facebook page has been created, purporting to be the official presence of OpenAI's ChatGPT.
Predictably, links posted on the Facebook page direct unsuspecting users to a typosquatted domain that masquerade as the official site for ChatGPT, and ultimately direct users into downloading executable code designed to steal information.
Similar examples include malicious apps which commit fraud, plant adware and spyware, and other malicious activities.
In one instance described by Cyble's researchers, they describe a bogus ChatGPT app for Android which subscribes users to premium-rate SMS services without their knowledge.
Another, a variant of the Spynote malware, steals sensitive information from users' Android devices, including call logs, contacts, SMS messages. media files and other data.
As ever, take great care about where you visit on the internet, use up-to-date security software to defend your computer and its data, follow safe computing best practices, and stay alert to threats and how best to protect against them.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Zero Trust and the Seven Tenets
Understand the principles of Zero Trust in cybersecurity with Tripwire's detailed guide. Ideal for both newcomers and seasoned professionals, this resource provides a practical pathway to implementing Zero Trust, enhancing your organization's security posture in the ever-evolving digital landscape.
