Researchers identified an ongoing BatLoader campaign relying on Google Search Ads to deliver rogue web pages for ChatGPT and Midjourney.
The rogue pages are designed to promote fake apps of popular AI services.
In the campaign observed by the researchers, threat actors are using BatLoader in the form of MSIX Windows App Installer files to deliver the Redline Stealer.
Both AI services are extremely popular but lack first-party standalone apps (i.e., users interface with ChatGPT via their web interface, while Midjourney uses Discord). This vacuum has been exploited by threat actors looking to drive AI app-seekers to imposter web pages promoting fake apps.
Users searching on Google for “chatgpt” were redirected to an imposter download page for ChatGPT hosted on hxxps://pcmartusa[.]com/gpt/.
Visitors are tricked into downloading a fake Windows ChatGPT app: the download button on the landing page actually redirects them to a BatLoader payload site.
The installer is downloaded from the job-lionserver[.]site as Chat-GPT-x64.msix, digitally signed by ASHANA GLOBAL LTD.
The final package was created using Advanced Installer version 20.2 with a professional license.
Upon opening the package in Advanced Installer, the experts discovered that the application would execute both an executable (ChatGPT.exe) and a PowerShell script (Chat.ps1).
The installer fetches and executes the RedLine Stealer from a remote server.
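A quick way to triage a package like Chat-GPT-x64.msix without running it is to treat it as what it is, a ZIP container with an AppxManifest.xml at its root. The script below is an added example, not code from the researchers or the page: it lists the payload, pulls the declared entry-point executables from the manifest, flags bundled script files and the runFullTrust capability, and checks whether a signature blob (AppxSignature.p7x, present in every signed MSIX) is included. The sample package is constructed inline to mirror the lure described above (ChatGPT.exe plus Chat.ps1); the file contents, identity name and publisher string are placeholders, and the sample deliberately omits the signature so the check reports it as unsigned.

```python
"""Offline triage of an MSIX package (a ZIP with AppxManifest.xml at its root).

Constructed sample input: the layout mirrors the ChatGPT lure (ChatGPT.exe and
Chat.ps1), but file bodies, identity name and publisher are placeholders and no
AppxSignature.p7x is included. Nothing here is the real sample.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Manifest namespaces used by MSIX/AppX packages.
NS = {
    "m": "http://schemas.microsoft.com/appx/manifest/foundation/windows10",
    "rescap": "http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities",
}
SCRIPT_EXTS = (".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta")

SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
         xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
         xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities">
  <Identity Name="ChatGPT" Version="1.0.0.0" Publisher="CN=PLACEHOLDER PUBLISHER" ProcessorArchitecture="x64"/>
  <Properties>
    <DisplayName>ChatGPT</DisplayName>
    <PublisherDisplayName>Placeholder</PublisherDisplayName>
    <Logo>Assets\\logo.png</Logo>
  </Properties>
  <Dependencies>
    <TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.17763.0" MaxVersionTested="10.0.22000.0"/>
  </Dependencies>
  <Capabilities><rescap:Capability Name="runFullTrust"/></Capabilities>
  <Applications>
    <Application Id="ChatGPT" Executable="ChatGPT.exe" EntryPoint="Windows.FullTrustApplication">
      <uap:VisualElements DisplayName="ChatGPT" Description="ChatGPT" BackgroundColor="transparent"
        Square150x150Logo="Assets\\150.png" Square44x44Logo="Assets\\44.png"/>
    </Application>
  </Applications>
</Package>
"""


def build_sample_msix() -> bytes:
    """Constructed test input: a minimal MSIX-shaped ZIP with placeholder payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AppxManifest.xml", SAMPLE_MANIFEST)
        z.writestr("ChatGPT.exe", b"MZ placeholder, not a real PE")
        z.writestr("Chat.ps1", "# placeholder script body\n")
        z.writestr("Assets/logo.png", b"\x89PNG placeholder")
    return buf.getvalue()


def triage_msix(data: bytes) -> dict:
    """Return the facts an analyst wants before opening the package in a GUI."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        root = ET.fromstring(z.read("AppxManifest.xml"))
    ident = root.find("m:Identity", NS)
    apps = root.findall("m:Applications/m:Application", NS)
    caps = [c.get("Name") for c in root.findall("m:Capabilities/rescap:Capability", NS)]
    full_trust = "runFullTrust" in caps or any(
        a.get("EntryPoint") == "Windows.FullTrustApplication" for a in apps
    )
    return {
        "identity": ident.get("Name") if ident is not None else None,
        # Publisher here must match the subject of the signing certificate.
        "publisher": ident.get("Publisher") if ident is not None else None,
        "executables": [a.get("Executable") for a in apps],
        "full_trust": full_trust,
        "scripts": [n for n in names if n.lower().endswith(SCRIPT_EXTS)],
        "signed": "AppxSignature.p7x" in names,
        "file_count": len(names),
    }


def suspicious_reasons(report: dict) -> list:
    """Heuristics that would have fired on the lure described in the article."""
    reasons = []
    if report["scripts"]:
        reasons.append("bundled script files: " + ", ".join(report["scripts"]))
    if report["full_trust"] and report["scripts"]:
        reasons.append("full-trust app shipping scripts (can run arbitrary PowerShell)")
    if not report["signed"]:
        reasons.append("no AppxSignature.p7x (unsigned package)")
    return reasons


if __name__ == "__main__":
    rep = triage_msix(build_sample_msix())
    for k, v in rep.items():
        print(f"{k}: {v}")
    for r in suspicious_reasons(rep):
        print("!", r)
```

On a real sample, point `triage_msix` at the bytes of the downloaded .msix; the signer reported by the article (ASHANA GLOBAL LTD) would appear as the subject of the certificate inside AppxSignature.p7x, and the manifest's Identity Publisher attribute must match it or Windows refuses to install the package.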
This Redline sample is configured to connect to IP 185.161.248[.]81 using the Bot ID “ChatGPT_Mid”, a reference to the two lures used in this campaign (ChatGPT and MidJourney).
Examining ChatGPT.exe, TRU observed that the executable uses Microsoft Edge WebView2 to load https://chat.openai.com/ in a pop-up window post-installation.
Attackers used this executable to make users believe they had installed a legitimate application: after installation, users see a popup window with the ChatGPT web page embedded in a browser control. Any further functionality of this executable is yet to be determined.
In a separate case observed in May 2023, the attackers used a similar infection scheme to advertise a rogue page for Midjourney. In this case, visitors were downloading Midjourney-x64.msix, a Windows Application Package also signed by ASHANA GLOBAL LTD.
Generative AI technologies and chatbots have exploded in popularity in 2023. Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access. Threat actors have been keen to exploit the popularity of these tools, promising unrestricted access. Telemetry shows Google Search Ads abuse (explained here) peaked in popularity in Q4 2022 and early 2023. The success rate has since diminished, suggesting Google has tamped down on abuse of its ad service. However, this recent campaign shows malicious ads can still slip past moderators and deliver malware to victims.