Now Hiring: IT Support Engineer

News

IT NEWS

Attack of the clones: Fake ChatGPT apps are everywhere

by November 4, 2025

The mobile AI gold rush has flooded app stores with lookalikes—shiny, convincing apps promising “AI image generation,” “smart chat,” or “instant productivity.” But behind the flashy logos lurks a spectrum of fake apps, from harmless copycats to outright spyware.

Spoofing trusted brands like OpenAI’s ChatGPT has become the latest tactic for opportunistic developers and cybercriminals to sell their “inventions” and spread malware.

A quick scan of app stores in 2025 shows an explosion of “AI” apps. As Appknox research reveals, these clones fall along a wide risk spectrum:

  • Harmless wrappers: Some unofficial “wrappers” connect to legitimate AI APIs with basic add-ons like ads or themes. These mostly create privacy or confusion risks, rather than direct harm.
  • Adware impersonators: Others abuse AI branding just to profit from ads. For example, a DALL·E image generator clone mimicking OpenAI’s look delivers nothing but aggressive ad traffic. Its only purpose: funneling user data to advertisers under the guise of intelligence. Package com.openai.dalle3umagic is detected by Malwarebytes as Adware.
  • Malware disguised as AI tools: At the extreme, clones like WhatsApp Plus use spoofed certificates and obfuscated code to smuggle spyware onto devices. Once installed, these apps scrape contacts, intercept SMS messages (including one-time passwords), and quietly send everything to criminals via cloud services. WhatsApp Plus is an unofficial, third-party modified version of the real WhatsApp app, and some variants falsely claim to include AI-powered tools to lure users. Package com.wkwaplapphfm.messengerse is detected by Malwarebytes as Android/Trojan.Agent.SIB0185444803H262.

We’ve written before about cybercriminals hiding malware behind fake AI tools and installed packages that mimic popular services like Chat GPT, the lead monetization service Nova Leads, and an AI-empowered video tool called InVideo AI.

How to stay safe from the clones

As is true with all malware, the best defense is to prevent an attack before it happens. Follow these tips to stay safe:

  • Download only from official stores. Stick to Google Play or the App Store. Don’t download apps from links in ads, messages, or social media posts.
  • Check the developer name. Fake apps often use small tweaks—extra letters or punctuation—to look legitimate. If the name doesn’t exactly match, skip it.
  • Read the reviews (but carefully). Real users often spot bad app behavior early. Look for repeated mentions of pop-ups, ads, or unexpected charges.
  • Limit app permissions. Don’t grant access to contacts, messages, or files unless it’s essential for the app to work.
  • Keep your device protected. Use trusted mobile security software that blocks malicious downloads and warns you before trouble starts.
  • Delete suspicious apps fast. If something feels off—battery drain, pop-ups, weird network traffic—uninstall the app and run a scan.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tags: