CYBERSECURITY firm Sophos warned mobile users on Monday of a supposed scam involving ChatGPT-based fleeceware, which are applications that allegedly “coerce” users to a paid subscription.
In a statement, Sophos said fleeceware, which takes advantage of certain “app store policy loopholes” and uses “coercive tactics to overcharge users,” is now appearing in the form of mobile assistant applications built around artificial intelligence (AI).
According to the company, these apps are “masquerading as legitimate ChatGPT-based chatbots… [that] overcharge users and bring in thousands of dollars a month.”
Citing its latest report, Sophos said “these apps have popped up in both the Google Play and Apple App Store, and, because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users into signing up for a subscription that can cost hundreds of dollars a year.”
“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT. These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription,” Sophos Principal Threat Researcher Sean Gallagher was quoted in a statement as saying.
Gallagher noted that these “scammers” are “banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription.”
“They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment,” he added.
Sophos investigated five alleged fleeceware apps, all of which claimed to be based on ChatGPT’s algorithm.
OpenAI, the company that developed ChatGPT, offers the basic functionality of the AI solution to users for free. The supposed fleeceware apps were said to have charged users anywhere from $10 per month to $70 per year.
Fleeceware apps supposedly overcharge users for functionality that is already available free elsewhere, and use social engineering and coercive tactics to convince users to sign up for a recurring subscription payment.
Sophos said these apps are often poorly written and implemented, meaning app functionality is often less than ideal even after users switch to the paid version. They also inflate their ratings in the app stores through fake reviews and persistent prompts asking users to rate the app before it has even been used or the free trial has ended.
According to Gallagher, fleeceware apps “are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service.”
“And they don’t flout the security or privacy rules, so they are hardly ever rejected by these stores during review,” he added. “While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up.”
Gallagher noted that these types of apps continue to be developed, even as their predecessors have been banned from the mobile stores.
“While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up—and it’s likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” said Gallagher.
He advised users to follow the App Store’s or Google Play’s guidelines on how to “unsubscribe.” Simply deleting the fleeceware app will not cancel the subscription.