Fake ChatGPT Apps

Stephanie Adlam
Stephanie Adlam
8 Min Read
7 Malicious Fake ChatGPT Apps Explained
Frauds exploit ChatGPT not only for writing malware or email scam texts

Fake ChatGPT apps are still being used to steal passwords, browser sessions, crypto wallets, and payment data. The latest desktop-download scams copy OpenAI branding closely enough that a normal user may not notice the difference: in May 2026, the fake openew[.]app page offered Chat_GPT.exe for Windows and ChatGpt.dmg for macOS instead of the real ChatGPT app. So, what is ChatGPT virus? It is not ChatGPT itself; it is malware or chargeware hiding behind a familiar AI name.

There is also a separate AI-summary risk: ChatGPhish shows how a web page can push phishing links or QR codes into a trusted-looking ChatGPT summary, even when the user did not download a fake app.

Fake ChatGPT Sites: From Money Scams to Malware

The wave of hype around the public release of ChatGPT attracted a lot of attention from people, though not all of them were able to use it right away. Folks from a lot of countries were hunting for access to the novice technology, and it was quite obvious that rascals would find the way to scam the rushing ones. This started the wave of malicious fake ChatGPT apps, which now evolved into more sophisticated and diverse frauds.

Let’s talk about the typical profile of such a scam. The webpage involved in a scam typically has a strange URL, which contains ChatGPT or OpenAI name, and is commonly registered on a cheap TLD – .online, .xyz or the like. The exact website is made exquisitely simple, with minimum details and only a few buttons to click on. And all the activity on the website boils down to 2 things: downloading a file or paying a certain sum of money that will never be seen again.

In some cases, frauds opt for spreading mobile malware under the guise of a genuine app from OpenAI. This was especially profitable before the official one was released, but such frauds still go even these days. In the best case scenario, they just charge a sum of money for a cheap shell over GPT 3.5 API, which is free. Worse situations include no functionality at all, chargeware activity of the app, or a spyware/infostealer hidden inside.

I will begin reviewing the examples of fake ChatGPT sites and apps that spread outright malware. However, there were a couple with a financial scam at the end – you will see them in the end.

Openew[.]app fake ChatGPT desktop download

A newer fake desktop-download campaign used openew[.]app to imitate OpenAI’s ChatGPT download page and serve different malware to Windows and macOS visitors [1]. The page looked polished, used HTTPS, and presented separate buttons for each operating system, which is exactly what makes the scam convincing.

  • Windows: the fake download was named Chat_GPT.exe. Reported artifacts included %APPDATA%LeronApplication, EApp.exe, and PowerShell launched with -ExecutionPolicy Unrestricted -Command -.
  • macOS: the fake download was named ChatGpt.dmg and delivered Odyssey Stealer, an AMOS-family infostealer aimed at browser passwords, cookies, Telegram sessions, Keychain data, and cryptocurrency wallets.
  • Verification: use OpenAI’s own download links or in-app updates, not ads, cloned landing pages, file-sharing links, or third-party download mirrors [2].

This campaign should not be confused with the official OpenAI macOS certificate-rotation warning from April-May 2026. OpenAI said its published software was not altered and told users to update from official channels; that is different from installing a fake app from an unfamiliar domain [3].

Chat-gpt-pc[.]online

Probably, one of the earliest malicious fake ChatGPT sites, detected a year ago – in early February 2023. On a fairly nice designed site, frauds were offering to download a desktop client for the chat bot. For people who were not aware that the original Chat is available only on the OpenAI’s website, this was a seemingly legit offer. However, upon downloading and installing the supposed client, defrauded folks were infected with RedLine stealer. Most of the instances were promoted through Facebook ads and groups and, in some regions, via SEO poisoning.

openai-pc-pro.online fake ChatGPT

Openai-pc-pro[.]online

One more malicious website, that copies the design of the original OpenAI page and effectively repeats the first one in our list. Aside from the same page design, it was offering to download the “desktop client” for the chat bot. As you may guess, the downloaded file contained malware, specifically Redline Stealer. Since both were promoted from the same Facebook group with ChatGPT-related naming, I suspect they belong to the same malware spreading campaign.

Chatgpt-go[.]online

A malicious website that copied the design of the original OpenAI page with ChatGPT dialogue box, but without the usual input prompt. Instead of the latter, there was a button labeled “TRY CHATGPT”, which led to malware downloading. Several other interactive elements across the site were also downloading the malware. For payloads from that site, I detected Lumma Stealer and several clipper malware samples. The main way of promotion this time was malicious Google Ads.

Pay[.]chatgptftw[.]com

A fake ChatGPT that contrasts three previous examples. Instead of malware spreading, one tries to gather users’ payment information. By mimicking a billing page that allegedly takes pay for accessing the technology, frauds collect the complete set of banking info, including usernames and email addresses. The promotion ways for such scams were the same – groups and ads on Facebook.

pay-chatgptftw.com fake payment form

SuperGPT (Meterpreter inside)

The example of malware disguised as a SuperGPT Android app, which is a legit AI assistant derived from the original GPT model. It was rather obvious that scoundrels will take advantage of poor app moderation on GP in this case. The questions were about where and how the frauds will exploit it. On the surface, the app looks the same as the original one. Though, it in fact contains Meterpreter malware – a RAT/backdoor designed specifically for Android.

AI Chatbot

A recent semi-scam iOS program that looks like yet another ChatGPT-like application. Even though there is an official app, and people now are more aware of GPT-3.5 access being widely available, this thing does its job pretty well. It is hard to call one an outright scam or malware, as people deliberately give up the money. But the pricing of $50 for accessing the 3.5 model, along with the rather limiting interface, makes it a rather junky program to use.

Fake SuperGPT App

ChatGPT1

Another example of malware that targets Android devices, but this time, it falls under the designation of chargeware. This peculiar mobile-specific type of malware brings money to its devs by draining users’ mobile accounts and banking cards with covert subscription services. ChatGPT1 specifically does that by sending SMS messages to a premium number, each of them costing quite a penny.

How to Detect and Avoid Malicious Fake ChatGPT Apps?

Even though the brainchild of OpenAI has been around for over a year now, it is still a profitable topic for frauds. Promises to get access to a paid AI model for free or at a discount may sound attractive, but will inevitably have certain drawbacks. Such tricky services may range from a softcore swindle to outright malicious tricks. Here are a few tips to follow each time when you encounter an AI-related service.

If the offer is too good to be true, it is most likely not true. Who and what will ever offer paid AI models access at miserable prices? In legit cases, this still requires paying for the API access, and splitting the account may lead to lags and delays. But most of the time, frauds will take your money and give you a free/less expensive model, or nothing at all.

Be vigilant to the apps you download and install. A file from some shady site with a strange URL, that is allegedly a desktop ChatGPT version, just screams with red flags. Even if you encounter a seemingly legit offer, but on a strange domain or Google Play listing, be careful with the files they spread. Consider scanning such a download on our free Online Virus Scanner.

What to do if you installed a fake ChatGPT app

  1. Disconnect the affected device from sensitive accounts until you finish cleanup, especially email, password managers, crypto wallets, and work chat sessions.
  2. Uninstall the fake app and remove suspicious startup entries, browser extensions, and recently created folders such as %APPDATA%LeronApplication.
  3. Run a full malware scan with a trusted security tool. If the installer was an infostealer, treat the device as compromised even if the app window looked normal.
  4. From a clean device, change passwords for email, ChatGPT/OpenAI, financial accounts, social accounts, and any accounts stored in the browser. Revoke active sessions where each service provides that option.
  5. If you use crypto wallets, move funds to a fresh wallet from a clean device and reinstall wallet apps only from the vendor’s official site.

Gridinsoft users can scan the suspicious installer or the whole system with Gridinsoft Anti-Malware, then use the results to decide whether the issue was a fake ChatGPT installer, browser stealer, chargeware app, or another AI-themed lure.

FAQ

Is openew.app an official ChatGPT download site?

No. Treat openew[.]app as a fake ChatGPT download page. Use official OpenAI download pages, in-app updates, or trusted app-store listings instead.

What should I check after running Chat_GPT.exe?

Check for new files under %APPDATA%, suspicious startup items, PowerShell activity, unknown browser extensions, and unexpected account sessions. Then scan the system and change passwords from a clean device.

Is a macOS ChatGPT malware warning always a fake app?

No. In 2026, some users saw warnings related to OpenAI’s certificate rotation for older legitimate macOS apps. Reinstalling from OpenAI’s official link is the safe path; downloading a replacement from an ad or third-party site is not.

References

  1. Malwarebytes Threat Intelligence. “Fake ChatGPT download site infects Windows and Mac users with malware.” Malwarebytes Labs, May 28, 2026, accessed May 31, 2026. https://www.malwarebytes.com/blog/threat-intel/2026/05/fake-chatgpt-download-site-infects-windows-and-mac-users-with-malware
  2. OpenAI Help Center. “Downloading the ChatGPT macOS app.” OpenAI, updated May 2026, accessed May 31, 2026. https://help.openai.com/en/articles/9275200-downloading-the-chatgpt-macos-app
  3. OpenAI. “Our response to the Axios developer tool compromise.” OpenAI, April 10, 2026, accessed May 31, 2026. https://openai.com/index/axios-developer-tool-compromise/
Top 4 Signal Scams to be Aware About
Binance Smart Contracts Blockchain Abused in Malware Spreading
Shougnoboassi.net Redirect Virus
Top Threats That Anti-Malware Catches
W3LL Targets Microsoft 365 Accounts with Sophisticated Phishing Kit
TAGGED:
Share This Article
ByStephanie Adlam
Follow:
Stephanie is our wordsmith, transforming technical research into engaging content that resonates with users. Her expertise in cybercrime prevention and online safety ensures that Gridinsoft's advice is accessible to everyone—whether they’re tech-savvy or not.
Previous Article MIT Students' Data Leaked On the Darknet MIT Hacked, Students’ Data Sold on the Darknet
Next Article Desktop Windows Manager uses a lot of resources DWM Crashed: How to Fix It
1 Comment

AI Assistant

Hello! 👋 How can I help you today?