ChatGPT is a popular artificial intelligence platform that allows users to have realistic conversations with chatbots. But some app developers are taking advantage of the AI craze to scam users with fake or low-quality ChatGPT apps that charge hefty fees for subscriptions.
According to a new report by Sophos X-Ops, a global leader in cybersecurity as a service, these apps are known as “fleeceware” because they overcharge users for functionality that is already free elsewhere. They also use social engineering and coercive tactics to convince users to sign up for a recurring payment, often without the users realizing the cost or knowing how to cancel.
Sophos X-Ops investigated five of these ChatGPT fleeceware apps, which claimed to be based on ChatGPT’s algorithm. Some of them even used similar names, such as “Chat GBT” or “Ask AI Assistant,” to improve their ranking in the Google Play and Apple App Store. These apps charged anything from $10 a month to $70 a year for access to the chatbots, while OpenAI offers the basic functionality of ChatGPT for free online.
The apps also bombarded users with ads and restrictions until they signed up for a subscription, which usually offered a free trial but with limited functionality. The apps were often poorly written and implemented, meaning they did not deliver the quality or performance expected from ChatGPT. They also inflated their ratings in the app stores through fake reviews and persistent requests that users rate the app before it had even been used or the trial had ended.
“These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment,” said Sean Gallagher, principal threat researcher at Sophos.
Some of these apps made thousands or even millions of dollars from unsuspecting users. For example, the iOS version of “Chat GBT,” called Ask AI Assistant, charged $6 a week—or $312 a year—after the three-day free trial; it netted the developers $10,000 in March alone. Another fleeceware-like app, called Genie, which encouraged users to sign up for a $7 weekly or $70 annual subscription, brought in $1 million over the past month.
“Fleeceware apps are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service, and they don’t flout the security or privacy rules, so they are hardly ever rejected by these stores during review. While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up. While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up—and it’s likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” said Gallagher.
Sophos advises users who have downloaded these apps to follow the App Store’s or Google Play store’s guidelines on how to “unsubscribe.” Simply deleting the fleeceware app will not void the subscription.
All apps included in the report have been reported to Apple and Google by Sophos. The report is titled “‘FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash.”