ChatGPT-Related Malicious URLs on the Rise


The number of newly registered and squatting domains related to ChatGPT grew by 910% monthly between November 2022 and early April 2023.

The findings, shared by Palo Alto Networks’ Unit 42 earlier today, also mention a 17,818% growth in related squatting domains observed in DNS Security logs over the same timeframe.

“We also saw up to 118 daily detections of ChatGPT-related malicious URLs captured from the traffic seen in our Advanced URL Filtering system,” reads the new advisory by Peng Peng, Zhanhao Chen and Lucas Hu.

Among the trends observed by the researchers, multiple phishing URLs tried to pose as official OpenAI websites.

“Typically, scammers create a fake website that closely mimics the appearance of the ChatGPT official website, then trick users into downloading malware or sharing sensitive information,” Unit 42 explained.

“Additionally, scammers might use ChatGPT-related social engineering for identity theft or financial fraud.”


Palo Alto Networks also observed some scammers exploiting the increasing popularity of OpenAI for crypto fraud, for instance by trying to lure victims into fraudulent crypto giveaway events.

But some fraudulent websites actually leverage the official ChatGPT API, made available by OpenAI in March.

“Given the fact that ChatGPT is not accessible in certain countries or regions, websites created with these automation tools or the API could attract a considerable number of users from these areas,” the research team explained.

“This also provides threat actors the opportunity to monetize ChatGPT by proxying their service.”

According to the team, these tools, as well as the general increase in registered domains and squatting domains related to ChatGPT, represent a growing trend.

“To stay safe, ChatGPT users should exercise caution with suspicious emails or links related to ChatGPT,” reads the advisory. “Moreover, the usage of copycat chatbots will bring extra security risks. Users should always access ChatGPT through the official OpenAI website.”

The Unit 42 advisory comes weeks after a ChatGPT vulnerability allegedly exposed payment-related information of some customers.
