The legitimate application is an AI assistant built on the most recent version of ChatGPT. If exploitation is successful, the malicious version of this application allows the actor to gain remote access to an Android device.



Another cluster of APK malware samples was also discovered by the researchers. On the surface, the malware appears to be displaying a webpage with a description of ChatGPT. However, this threat hides a sinister intent beneath it, according to the report.



In addition, all of these APK samples use the OpenAI logo, which is frequently associated with ChatGPT, as their application icon, adding to the deceptive narrative that this application is associated with the ChatGPT AI tool.



These APK malware samples are capable of sending SMS messages to premium-rate numbers in Thailand.