Malicious Android apps posing as ChatGPT tools are being distributed through unofficial channels to deliver malware that steals credentials and sensitive data. The attack vector leverages the popularity of AI services to trick users into installing the fake apps, which then maintain persistence on the device. This campaign underscores the need for verified app sources and strong mobile security controls to counter such social engineering threats.
Security researchers have identified malicious Android apps posing as ChatGPT tools that are being used to distribute malware. These fake apps are often promoted through unofficial channels and trick users into installing them by leveraging the popularity of AI services. Once installed, the malware can steal credentials, access sensitive data, and maintain persistence on the device. The campaign highlights how attackers rapidly exploit trending technologies to increase infection rates, especially on mobile platforms. As AI-branded apps proliferate, the findings reinforce the need for verified app sources, cautious downloads, and strong mobile security controls.