Skip to content

CTI Roundup: Threat Actors Exploiting ChatGPT

Hackers use fake ChatGPT apps to push Windows and Android malware, attackers flood NPM repository with over 15,000 spam packages containing phishing links, and New Stealc malware emerges with a wide set of stealing capabilities.

Emerging Issue

In our latest intelligence roundup, CTI investigates the recent wave of cybercrime seeking to monetize OpenAI’s popular ChatGPT application. Observed malicious activity ranges from Windows and Android malware distribution to phishing and fraudulent payment pages. Next, CTI explores another threat facing an open-source software repository in the form of a campaign in which threat actors are leveraging automation to produce thousands of spam packages in just a few hours. Finally, CTI analyzes a new information stealer called Stealc, which was recently discovered being advertised for sale on the dark web, described by its developers as a fully featured, ready-to-use stealer.

1. Hackers use fake ChatGPT apps to push Windows, Android malware

Threat actors have begun exploiting OpenAI’s ChatGPT chatbot to distribute malware for Windows and Android, along with using fake social media pages for the much-hyped tech to redirect victims to phishing pages.

ChatGPT: a refresher

ChatGPT was launched in November 2022 and has gained immense traction since; becoming what BleepingComputer describes as the most rapidly growing consumer application in modern history, with more than 100 million users by January 2023. Developed and released by OpenAI, an artificial intelligence (AI) research and development firm, ChatGPT is a chatbot based on an extremely effective machine learning model.

Almost immediately following its public launch, reports began to emerge describing instances wherein ChatGPT was being abused by cyber threat actors for malicious purposes. Security researchers reported malicious activity involving ChatGPT being used to create malware and encryption tools, facilitate fraudulent activity, write convincing phishing emails, and more.

For its part, OpenAI seemed to have anticipated such activity. A February 20, 2018, blog post on OpenAI’s website, titled “Preparing for Malicious Uses of AI,” describes a research paper the company co-authored:

We’ve co-authored a paper that forecasts how malicious actors could misuse AI technology, and potential ways we can prevent and mitigate these threats… AI challenges global security because it lowers the cost of conducting many existing attacks, creates new threats and vulnerabilities, and further complicates the attribution of specific attacks.

The unprecedented growth of ChatGPT eventually led OpenAI to throttle use of the tool, launching a $20 per month subscription tier for users seeking to use the chatbot with no availability issues.

Constant availability creates new issues

This new restriction on unlimited access to ChatGPT created an unanticipated circumstance — it created perfect conditions for threat actors seeking to take advantage of the tool’s popularity by allowing them to lure victims by (falsely) promising them uninterrupted and free access to the newly-created premium ChatGPT tier.

These offers ultimately aim to distribute malware to unsuspecting victims or convince them to provide the attackers with their account credentials.

Among the first to notice an example of this methodology was security researcher Dominic Alvieri, who observed the domain “” being used to infect visitors with the Redline info-stealing malware, masquerading as a download for a ChatGPT Windows desktop client. This website was being advertised via a Facebook page plastered with official ChatGPT logos in order to trick users into getting redirected to the malicious site. Similar promotions were observed on Google Play and third-party Android app stores, each distributing malicious software.

Analyst comments from Tanium’s Cyber Threat Intelligence Team

“As the chatbot’s profile rises, so does the number of threat actors seeking to leverage the application to launch malware and phishing attacks. The number of posts appearing on underground markets, selling ChatGPT interfaces designed to aid unskilled hackers in launching convincing phishing campaigns or improving their malware, has also risen exponentially in response to ChatGPT’s success. This only serves to further lower the barrier to entry with regards to low-sophistication hackers trying to enter the cybercrime arena.”

2. Attackers flood NPM repository with over 15,000 spam packages containing phishing links

Researchers at Checkmarx discovered a surge of thousands of spam packages uploaded to the NPM open-source repository from multiple user accounts within just a few hours.

The investigation revealed that the packages were created using automated processes. The packages contain the same automation code used to generate themselves, which researchers believe was likely uploaded by the threat actor in error.

About the discovery

Checkmarx discovered an anomaly in the NPM ecosystem on February 20, 2023, when cross-referencing new information with their databases. The researchers noticed large quantities of new packages had been published to NPM. These packages were revealed to be part of the popular attack vector, in which attackers spam open-source repositories with packages containing links to phishing campaigns. Automated processes appear to have created over 15,000 packages in NPM and related accounts.

Phishing sites

To promote the phishing campaign, the attackers used packages with names related to hacking, cheats, and free resources. Some of the package names include things like “free-tiktok-followers” and “free-xbox-codes” to entice users into clicking the phishing links with the promise of game cheats and increased followers. The description portion of the packages contained links to various phishing sites.

The phishing campaign linked to several unique URLs across multiple domains, with each domain hosting multiple phishing web pages under different paths. The phishing pages are rather convincing and, in some cases, even included fake interactive chat options that will respond to messages if the victim chooses to interact.

The phishing pages include a fake flow that pretends to process data and generate the promised gift. This process failed most of the time, and the victim was then asked to enter a phase of human verification steps. This involved multiple sites referring the user from one to another, asking the user to respond to various questions and surveys. In many cases, the user is redirected to a legitimate eCommerce website.

Referrals rewards for the threat actor

Researchers discovered similar Python scripts with similar functions that seem to be the ones automatically generating and publishing the spam packages.

They also found other “helper.txt” files that appear to be part of the automation. One notable file is a python script within the packages that includes all steps of the package publication.

It appears that the threat actor either created or had access to several news-like sites in which it could publish content. The last task in the python script is to append links to unrelated posts in these news-like sites. These links direct to the webpages of packages the attacker published on NPM’s site. To do this, the attacker leverages the ‘selenium’ python package to interact with these WordPress sites. They first need to authenticate as an editor before posting the package links.

Researchers believe the uploading of these scripts was not intentional. The main support behind this belief is the fact that the scripts include the credentials used to authenticate with the WordPress site.

Analyst comments from Tanium’s Cyber Threat Intelligence Team

“This story highlights how quickly threat actors can pivot to keep up with the latest lucrative attack models. Many of the previous attacks featuring malicious packages discovered on open-source repositories seem to be of a smaller scale, perhaps indicating a more manual method of delivery. In this campaign, the threat actor took this to the next level, investing time and effort into automation to conduct a larger attack impacting over 15,000 packages in a short period of time.”

3. New Stealc malware emerges with a wide set of stealing capabilities

A recent blog post by cybersecurity firm SEKOIA.IO details the identification of a new information stealer, Stealc.

Stealc was discovered on the dark web and is presented by the threat actor as a fully featured/ready-to-use stealer based on Vidar, Raccoon, Mars, and Redline stealers. SEKOIA.IO’s investigation led to the discovery of several dozen Stealc samples distributed in the wild and more than 40 Stealc command and control servers.

Stealc on the dark web

The Stealc information stealer was first advertised on Russian-speaking underground forums on January 9, 2023. The threat actor advertising it goes by Plymouth on these forums. This threat actor published a lengthy description detailing the new malware and its wide range of stealing capabilities. After this first publication, Plymouth continued to advertise Stealc, attempting to reach a larger audience via additional channels.

In an effort to gain the trust of potential customers, Plymouth offered ‘free’ malware tests to cybercrime forum users. Plymouth required a .02 Bitcoin deposit (which translated to roughly $400 at that time) for a weekly test.

Plymouth ended up releasing several versions of Stealc, publishing changelogs on different forums and on a dedicated Telegram channel. The timeline of Plymouth’s publications reveals that Stealc is still actively undergoing development.

Advertised capabilities

Based on the dark web advertisement, Stealc targets sensitive data from most web browser extensions for cryptocurrency wallets, desktop cryptocurrency wallets, and information from additional applications like email and messenger software. The data collection configuration can apparently be customized to tailor the malware to the attacker’s needs.

Stealc implements a customizable file grabber to allow the attacker to steal files matching the grabber rules. It also has loader capabilities that are traditional for information stealers being sold as a Malware-as-a-Service (MaaS). Stealc can target several web browsers ranging from Chrome to Opera to Firefox.

The Stealc administration panel allows its attackers to set up the malware configuration, parse/display/filter/sort/analyze the stolen data and download the logs.

Analyst comments from Tanium’s Cyber Threat Intelligence Team

“It’s no wonder that Stealc is an infostealer fully equipped with an impressive range of capabilities. After all, competing malware developers are engaged in a constant struggle against one another, competing to see who can produce the stealer with the most functionality the fastest. This typically involves building new malware strains on code foundations cribbed from other top-tier malware families.”

“In this tradition, the Stealc developer notes that this malware relies on some big-name infostealers like Raccoon and RedLine; the consistent stream of updates applied to Stealc since its appearance just last month is indicative of the developer’s drive to bring this malware up to par with other competing infostealers — and fast.”

“SEKOIA.IO has also noted that its in-depth technical analysis of Stealc will be published in the near future – more updates to come.”

For further reading, catch up on our recent cyber threat intelligence roundups.

Tanium CTI

Tanium's Cyber Threat Intelligence (CTI) analysts process and extract trends from the daily cyber landscape to curate and deliver current intel to stakeholders around threats impacting business and security.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.