Malicious ChatGPT Apps Are Tracking Users and Stealing Sensitive Information

The explosive growth of AI-powered mobile applications has created an ideal breeding ground for cybercriminals exploiting brand trust.

Security researchers at Appknox have identified a disturbing trend: fake ChatGPT, DALL·E, and WhatsApp clones are proliferating across alternative app stores, weaponizing familiar branding to deceive users and compromise enterprise devices.

According to SensorTower’s 2025 State of Mobile Report, AI-related mobile apps accounted for 13% of all global app downloads in 2024, totaling 17 billion downloads. This explosive adoption has made AI tools attractive targets for attackers seeking both monetization opportunities and data theft vectors.

The threat spectrum ranges from opportunistic adware to full-blown spyware infrastructure. Appknox’s analysis uncovered three distinct attack patterns. The first category comprises ad-driven impersonators, such as the DALL·E 3 AI Image Generator app on Aptoide.

Despite claiming OpenAI affiliation through package naming (com.openai.dalle3umagic) and UI mimicry, the application contains zero AI functionality.

Instead, it funnels user data exclusively to advertising networks, including Adjust, AppsFlyer, Unity Ads, and Bigo Ads. Network traffic analysis revealed no legitimate API calls, only advertising infrastructure designed to monetize user attention through deception.

The Critical Threat: Trojan-Laden Clones

Far more dangerous are malware-laden clones like WhatsApp Plus, which masquerade as enhanced versions of the messenger.

This application employs sophisticated obfuscation techniques, including the Ijiami packer, a malware tool commonly used to encrypt and hide malicious code.

The APK is signed with fraudulent certificates (CN=bwugtq, O=twzqicusmq, C=DE) rather than Meta’s legitimate keys, immediately signaling compromise.

Upon installation, WhatsApp Plus requests extensive system permissions: SMS and call log access, contact database retrieval, device account enumeration, and messaging capabilities.

This permission combination enables attackers to intercept one-time authentication codes, scrape address books, and impersonate victims across communications platforms.

Embedded native libraries such as libijm-emulator.so maintain persistent background execution, ensuring the malware operates even after app closure.

Network forensics revealed domain fronting techniques masking malicious traffic behind legitimate AWS and Google Cloud endpoints, mimicking the tactics of sophisticated spyware families previously attributed to Triout and AndroRAT.

VirusTotal and MalwareBazaar detections confirm the APK as a Trojan/Spyware, with capabilities that include SMS interception and account hijacking.

For enterprise environments, the implications are catastrophic. Compromised devices enable attackers to intercept banking verification codes, register fraudulent accounts using victim identities, and infiltrate corporate infrastructure.

Such breaches violate GDPR, HIPAA, and PCI-DSS standards, potentially resulting in multimillion-dollar fines and severe reputational damage. IBM’s 2023 data indicates average breach costs reaching $4.45 million, a figure that escalates significantly when regulatory violations occur.

Appknox researchers emphasize that traditional app vetting mechanisms fail to prevent post-launch threats. Continuous app store monitoring, certificate verification, and automated vulnerability scanning are now essential security imperatives.
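The two checks the article singles out, signer verification against the package name (the fraudulent DN above) and flagging the SMS-plus-contacts-plus-accounts permission set, can be automated over the output of the Android SDK tools. The script below is an added example, not Appknox's tooling or code from the report; the `apksigner verify --print-certs` and `aapt dump badging` text it parses is constructed in those tools' output format, and the expected-signer values in `EXPECTED_SIGNERS` are placeholders to be replaced with the real publishers' certificate subjects.

```python
import re

# Constructed sample in the format of `apksigner verify --print-certs`;
# the DN is the one the article cites for the WhatsApp Plus clone.
SAMPLE_APKSIGNER = """\
Signer #1 certificate DN: CN=bwugtq, O=twzqicusmq, C=DE
Signer #1 certificate SHA-256 digest: <placeholder-digest>
"""
# Constructed sample in the format of `aapt dump badging`.
SAMPLE_BADGING = """\
package: name='com.whatsapp' versionCode='1' versionName='1.0'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.READ_CALL_LOG'
"""

# Hypothetical allowlist: package prefix -> substring the signer DN must contain.
# Placeholder values, not the publishers' real certificate subjects.
EXPECTED_SIGNERS = {
    "com.whatsapp": "O=WhatsApp",
    "com.openai": "O=OpenAI",
}

# Permission set the article describes as enabling OTP theft and address-book scraping.
RISKY_COMBO = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS", "android.permission.GET_ACCOUNTS",
}

def parse_signer_dn(apksigner_output):
    """Extract the first signer's certificate DN from apksigner output."""
    m = re.search(r"certificate DN: (.+)", apksigner_output)
    return m.group(1).strip() if m else ""

def parse_badging(badging_output):
    """Return (package name, set of requested permissions) from aapt badging output."""
    pkg = re.search(r"^package: name='([^']+)'", badging_output, re.M)
    perms = set(re.findall(r"^uses-permission: name='([^']+)'", badging_output, re.M))
    return (pkg.group(1) if pkg else ""), perms

def assess(apksigner_output, badging_output):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    dn = parse_signer_dn(apksigner_output)
    pkg, perms = parse_badging(badging_output)
    for prefix, expected in EXPECTED_SIGNERS.items():
        # A package claiming a known publisher's namespace must carry that publisher's signer.
        if (pkg == prefix or pkg.startswith(prefix + ".")) and expected not in dn:
            findings.append(f"signer mismatch: {pkg} signed by '{dn}', expected {expected}")
    if RISKY_COMBO <= perms:
        findings.append("risky permission combo: SMS + contacts + accounts")
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE_APKSIGNER, SAMPLE_BADGING):
        print("FINDING:", finding)
```

Run against the sample it reports both the signer mismatch and the permission combination; a package outside the allowlisted namespaces is only checked for the permission set.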

Organizations must implement real-time detection of impostor listings across global app stores while educating users to download exclusively from official platforms and verify publisher credentials.

The evolving threat landscape demonstrates that security measures cannot terminate at deployment; they must remain vigilant throughout an application’s entire lifecycle.

Priya
Priya is a Security Reporter who tracks malware campaigns, exploit kits, and ransomware operations. Her reporting highlights technical indicators and attack patterns that matter to defenders
