Researchers at Appknox warn that malicious apps are impersonating popular AI tools like ChatGPT and DALL-E to trick users into installing malware on their mobile devices. Some of these apps simply collect user data to be sold to advertising services, while others act as full-fledged malware.
“The app ‘DALL·E 3 AI Image Generator,’ hosted on Aptoide, presents itself as an OpenAI product and promises AI-powered image generation, but contains no AI capability whatsoever,” Appknox writes. “Instead, the app connects exclusively to advertising and analytics services — Adjust, AppsFlyer, Unity Ads, and Bigo Ads — funneling user data for monetization.”
Another app, called “WhatsApp Plus,” installs “a full malware framework capable of surveillance, credential theft, and persistent background execution.”
“Once active, the malware silently requests extensive permissions: reading and writing contacts, accessing SMS and call logs, retrieving device accounts, and sending text messages,” the researchers write. “These privileges allow it to intercept one-time passwords, scrape address books, and even impersonate the victim in chats.”
Appknox explains that attackers frequently exploit popular trends to launch social engineering attacks. As AI tools grow increasingly popular, these attacks can be expected to continue.
“The flood of cloned applications reflects a deeper problem: brand trust has become a vector for exploitation,” Appknox says. “As AI and messaging tools dominate the digital landscape, bad actors are learning that mimicking credibility is often more profitable than building new malware from scratch. Some clones, like ChatGPT Wrapper, exist in the open. Others, like the DALL·E impersonator, blur the line on legality through advertising deception. And some, like WhatsApp Plus, weaponise familiarity into surveillance.”
AI-powered security awareness training can give your employees a healthy sense of suspicion so they can recognize social engineering tactics. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Appknox has the story.
