BatLoader Campaign Impersonates ChatGPT and Midjourney to Deliver Redline Stealer

Cyber Security Threat Summary:
“In early May, researchers at eSentire Threat Response Unit (TRU) spotted an ongoing BatLoader campaign using Google Search Ads to redirect victims to imposter web pages for AI-based services like ChatGPT and Midjourney” (Info Security Magazine, 2023). Threat actors are using BatLoader in the form of an MSIX Windows App Installer file to deliver Redline Stealer.

Neither ChatGPT nor Midjourney has a standalone desktop application; both are accessed through a web interface. The threat actors nevertheless promoted fake desktop applications for both services through malicious web pages. Users searching Google for “chatgpt” were served an ad that redirected them to an imposter ChatGPT download page hosted at hxxps://pcmartusa[.]com/gpt/. The page is designed to trick users into downloading a fake Windows ChatGPT app: a download button on the landing page redirects to the site that actually serves the BatLoader payload.

The installer is downloaded from job-lionserver[.]site as Chat-GPT-x64[.]msix and is digitally signed by ASHANA GLOBAL LTD. The package was built by a Russian speaker using Advanced Installer version 20.2 with a professional license. Opening the package in Advanced Installer, the researchers found that it launches both an executable, ChatGPT[.]exe, and a PowerShell script, Chat[.]ps1. The installer then fetches RedLine Stealer from a remote server and executes it. “This Redline sample is configured to connect to IP 185[.]161[.]248[.]81 using the Bot ID “ChatGPT_Mid”, a reference to the two lures used in this campaign ChatGPT and MidJourney,” the analysis continues.
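As an added example (not code from the eSentire analysis or from this page), the following Python script performs the static triage an analyst would apply to a package like Chat-GPT-x64.msix: an MSIX is a zip container, so the script reads the AppxManifest.xml inside it, extracts the declared publisher and the application entry points, lists bundled script files such as Chat.ps1, and records the package hash. The sample package is constructed in memory to mirror the structure described above; the manifest layout, the exact Publisher string and the expected vendor name "OpenAI" are assumptions for illustration, and the Authenticode signature itself is not validated here.

```python
"""Static triage of an MSIX package: declared apps, publisher, bundled scripts, hash.

Added example; not part of the eSentire analysis. The sample package below is
constructed in memory and only mirrors the structure described in the text.
"""
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

APPX_NS = "http://schemas.microsoft.com/appx/manifest/foundation/windows10"
UAP_NS = "http://schemas.microsoft.com/appx/manifest/uap/windows10"

SCRIPT_EXTS = (".ps1", ".bat", ".cmd", ".vbs", ".js")


def build_sample_msix() -> bytes:
    """Constructed sample: a minimal MSIX shaped like Chat-GPT-x64.msix.

    The Publisher string and file contents are placeholders (assumption), not
    the real package's values.
    """
    manifest = f"""<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="{APPX_NS}" xmlns:uap="{UAP_NS}">
  <Identity Name="ChatGPT" Publisher="CN=ASHANA GLOBAL LTD" Version="1.0.0.0" ProcessorArchitecture="x64"/>
  <Properties>
    <DisplayName>ChatGPT</DisplayName>
    <PublisherDisplayName>ASHANA GLOBAL LTD</PublisherDisplayName>
  </Properties>
  <Applications>
    <Application Id="ChatGPT" Executable="ChatGPT.exe" EntryPoint="Windows.FullTrustApplication">
      <uap:VisualElements DisplayName="ChatGPT" Description="ChatGPT" BackgroundColor="transparent"
                          Square150x150Logo="a.png" Square44x44Logo="b.png"/>
    </Application>
  </Applications>
</Package>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", manifest)
        z.writestr("ChatGPT.exe", b"MZ placeholder")   # not a real PE
        z.writestr("Chat.ps1", "# placeholder script body")  # real script not reproduced
    return buf.getvalue()


def triage_msix(data: bytes, expected_publisher_cn: str) -> dict:
    """Parse AppxManifest.xml from an MSIX and return findings plus red flags."""
    findings = {"sha256": hashlib.sha256(data).hexdigest(), "flags": [],
                "publisher_cn": "", "apps": [], "scripts": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "AppxManifest.xml" not in names:
            findings["flags"].append("missing AppxManifest.xml")
            return findings
        root = ET.fromstring(z.read("AppxManifest.xml"))
    ns = {"a": APPX_NS}

    # Identity/@Publisher is an X.500 name; the signing certificate subject must
    # match it exactly, so the CN tells you who actually signed the package.
    # Naive split on commas (escaped commas in DN values are not handled here).
    ident = root.find("a:Identity", ns)
    publisher = ident.get("Publisher", "") if ident is not None else ""
    cn = next((p.strip()[3:] for p in publisher.split(",")
               if p.strip().upper().startswith("CN=")), "")
    findings["publisher_cn"] = cn

    findings["apps"] = [(a.get("Id"), a.get("Executable"), a.get("EntryPoint"))
                        for a in root.findall("a:Applications/a:Application", ns)]
    findings["scripts"] = [n for n in names if n.lower().endswith(SCRIPT_EXTS)]

    if cn.casefold() != expected_publisher_cn.casefold():
        findings["flags"].append(
            f"publisher '{cn}' is not the expected vendor '{expected_publisher_cn}'")
    if findings["scripts"]:
        findings["flags"].append("package bundles script files: " + ", ".join(findings["scripts"]))
    if any(ep == "Windows.FullTrustApplication" for _, _, ep in findings["apps"]):
        findings["flags"].append("declares a full-trust (unsandboxed) Win32 application")
    return findings


if __name__ == "__main__":
    sample = build_sample_msix()
    for key, value in triage_msix(sample, "OpenAI").items():
        print(f"{key}: {value}")
```

The publisher check is the one that matters most for this campaign: the package is validly signed, but the signer is ASHANA GLOBAL LTD rather than the vendor a user would expect, and that mismatch is visible in the manifest before anything is installed.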

Security Officer Comments:
“Examining ChatGPT[.]exe, TRU observed that the executable uses Microsoft Edge WebView2 to load https://chat.openai[.]com/ in a pop-up window post-installation.” Users may be tricked into believing they have installed a legitimate application, but in reality the WebView2 control is simply displaying the genuine ChatGPT web page while the stealer payload is fetched and executed in the background.

The researchers also detailed a separate case, observed in May 2023, that used the same infection scheme with a rogue Midjourney page. There, visitors downloaded Midjourney-x64[.]msix, a Windows application package also signed by ASHANA GLOBAL LTD. The reuse of one signing identity across both lures is a useful pivot when hunting for related packages.

RedLine Stealer has been on the market since 2020 and is delivered to victims through a variety of applications and methods, including phishing. The RedLine Stealer executable is a Windows x86 graphical user interface (GUI) application written in .NET. It stands out among stealers for its rich capabilities; the payload has been distributed in multiple guises, such as cracked software, and is readily available on the surface web. The threat actors behind it remain active and sell the malware as a service (MaaS).

Generative AI tools are growing in popularity. Organizations are updating their Acceptable Use Policies or blocking employee access to ChatGPT and its alternatives on work-issued machines and networks. Users may try to circumvent these restrictions by downloading a desktop version of these clients; such desktop versions, however, do not currently exist. Threat actors have been abusing Google Ads to push malware and will likely continue to exploit the generative AI boom to target victims.

Suggested Correction(s):
Users should download applications only from legitimate sources. As with phishing, check domains carefully and watch for typosquatted URLs that resemble the legitimate site. Never download executables from unknown or third-party web pages. Where possible, verify a vendor-supplied hash to confirm you have the correct file and that it has not been tampered with. Note that a valid digital signature on an MSIX package proves only who signed it, not that the software is genuine: the packages in this campaign were validly signed by ASHANA GLOBAL LTD, a publisher with no relation to OpenAI or Midjourney, so compare the signer's name against the vendor you expect before installing. On managed Windows endpoints, administrators can additionally restrict which publishers may install packaged apps, or block the ms-appinstaller protocol handler by policy.

Link(s):
https://www.infosecurity-magazine.com/news/batloader-impersonates-chatgpt/
https://www.esentire.com/blog/batloader-impersonates-midjourney-chatgpt-in-drive-by-cyberattacks