Cybercriminals are always coming up with new ways to get people to download dangerous software. Hackers have moved on to a new target after a recent wave of phishing attacks on iOS users.
A new malware campaign is now going after Android users all over the world. This attack takes advantage of how popular social media sites and AI tools are to trick people into giving up their personal information. Attackers are able to trick people into installing dangerous malware on their mobile devices by sending them fake beta testing invitations for ChatGPT and Meta advertising apps.

How the Malware Campaign Works

Hackers are using Firebase App Distribution to spread their bad apps.
Google's Firebase is a real tool that developers use to send beta versions of their apps to trusted testers. The emails inviting people to use the service come from the address "firebase-noreply@google.com" because it is an official Google service. The whole scam is based on this official sender address.
People are very likely to trust an email from Google and click on the links right away.

[Figure: Fake ChatGPT Invites Target (Source: SpiderLabs)]

Defending Against The Threat and Finding Compromise

To stay safe from this kind of attack, you need to be careful and aware. The most important thing to do is to be very suspicious of invitations to test new apps that you didn't ask for, even if they seem to come from a company you trust.
It's not common for real developers to send beta-testing invites to random users out of the blue. If you get an unsolicited email offering you early access to a popular app, it's best to ignore it completely. You should only get apps from the official Google Play Store.
Before they are published, apps go through basic security checks.

Network administrators and security teams can also do things to stop this threat from happening. Companies can stop these bad apps from getting into their data by keeping an eye on network traffic and device installations. Tracking specific markers, known as Indicators of Compromise (IOCs), is an effective way to detect whether an attack is underway.
Security researchers have made a list of known IOCs that are linked to the attacks to help find and stop this malware campaign. Some of these are the exact package names of the fake apps and the email domains that the attackers used to send them. Blocking these domains at the network level can stop phishing emails from getting to users. The table below shows the exact package names and bad domains that are linked to this fake ChatGPT and Meta app campaign.

| Indicator Type | Details |
| --- | --- |
| Application Package Name | com.OpenAIGPTAds |
| Application Package Name | com.opengpt.ads |
| Application Package Name | com.meta.adsmanager |
| Malicious Email Domain | thcsmyxa-nd[.]com |
| Malicious Email Domain | moitasec[.]com |
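The indicators listed above can be checked against device inventories and mail. The following Python is an added example, not code from SpiderLabs or the original article: it matches the page's package names and email domains against `pm list packages` style output and a raw email. The function names, the case-insensitive package matching, the choice to flag every Firebase invite for review, and the sample inventory and message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Indicators listed on this page; domains are stored defanged and refanged at load.
IOC_PACKAGES = {p.lower() for p in ("com.OpenAIGPTAds", "com.opengpt.ads", "com.meta.adsmanager")}
IOC_DOMAINS_DEFANGED = ("thcsmyxa-nd[.]com", "moitasec[.]com")
FIREBASE_SENDER = "firebase-noreply@google.com"  # legitimate sender named on this page

def refang(text):
    """Turn defanged dots ("[.]", "[. ]") back into "." so matching works."""
    return re.sub(r"\[\s*\.\s*\]", ".", text)

IOC_DOMAINS = {refang(d).lower() for d in IOC_DOMAINS_DEFANGED}

def domain_is_ioc(domain):
    """True for an IOC domain or any subdomain of one (no substring matches)."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in IOC_DOMAINS)

def flagged_packages(pm_output):
    """Return IOC hits from `pm list packages` style lines ("package:<name>")."""
    names = [l.strip()[8:] for l in pm_output.splitlines() if l.strip().startswith("package:")]
    # Case-insensitive on purpose: a defender's choice to catch re-cased variants.
    return sorted(n for n in names if n.lower() in IOC_PACKAGES)

def triage_email(raw):
    """Return sorted findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = set()
    headers = msg.get_all("From", []) + msg.get_all("Reply-To", []) + msg.get_all("Return-Path", [])
    for _, addr in getaddresses(headers):
        if domain_is_ioc(addr.rpartition("@")[2]):
            findings.add("ioc-address:" + addr.lower())
        # A genuine Google sender does not make the invite safe: queue it for review.
        if addr.lower() == FIREBASE_SENDER:
            findings.add("firebase-app-distribution-invite")
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    body = refang(b" ".join(parts).decode("utf-8", "replace")).lower()
    for host in re.findall(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", body):
        if domain_is_ioc(host):
            findings.add("ioc-domain-in-body:" + host)
    return sorted(findings)

# Constructed samples (not real captures): a device inventory and an invite e-mail.
SAMPLE_PM = "package:com.android.chrome\npackage:com.opengpt.ads\npackage:com.meta.adsmanager\n"
SAMPLE_MAIL = ("From: Firebase App Distribution <firebase-noreply@google.com>\n"
               "Subject: You are invited to test ChatGPT Ads\n\n"
               "dev@moitasec[.]com has invited you to test this app.\n")

if __name__ == "__main__":
    print(flagged_packages(SAMPLE_PM))
    print(triage_email(SAMPLE_MAIL))
```

Subdomain-aware matching avoids false hits on look-alike names that merely contain an indicator as a substring.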












