Key Points
- Over 35k coordinated phishing campaign across April impersonating Google Gemini and OpenAI/ChatGPT to distribute credential-harvesting mobile applications
- Fraudulent apps pose as AI-powered advertising tools but capture Facebook/Meta login credentials
- Campaign targets social media managers with access to Meta Business Manager across the US, UK and Australia
- Malicious apps identified on the Apple App Store in Australia and the United States
Campaign Overview
The Mimecast Threat Research team has been tracking a phishing campaign that exploits the popularity of AI platforms to distribute malicious mobile applications. The campaign impersonates trusted brands, specifically Google Gemini and OpenAI/ChatGPT, to lure business users into downloading fraudulent apps from the Apple App Store.
The attack begins with phishing emails using subject lines such as "Google Gemini LLC has invited you to test Google Gemini Advertising" or "ChatGPT has invited you to test OpenAI Advertising." These messages present themselves as exclusive invitations to test new AI-powered advertising products, specifically targeting business owners and marketing professionals who manage social media advertising campaigns.
Once installed, these apps deviate entirely from their advertised purpose. Instead of providing AI-powered advertising tools, they present users with a Facebook/Meta login experience, typically implemented through embedded web content.
This deceptive interface captures usernames, passwords, and potentially session-related data, which are then exfiltrated to attacker-controlled servers.
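For mail filtering, the two subject lines quoted above can be matched after header normalization, since a plain substring check misses RFC 2047 encoded or folded subjects. The following is an added example, not Mimecast's detection logic; the regular expression is an assumption generalized from those two subject lines, and the sample messages are constructed.

```python
import re
import unicodedata
from email import message_from_string
from email.header import decode_header, make_header

# Assumption: pattern generalised from the two subject lines quoted in the article.
BRANDS = r"(?:google\s+gemini(?:\s+llc)?|chatgpt|openai)"
LURE = re.compile(
    rf"\b{BRANDS}\s+has\s+invited\s+you\s+to\s+test\s+{BRANDS}\s+advertising\b"
)

def normalized_subject(raw_message: str) -> str:
    """Decode RFC 2047 encoded-words, then fold Unicode, whitespace and case."""
    subject = message_from_string(raw_message).get("Subject", "")
    decoded = str(make_header(decode_header(subject)))
    folded = unicodedata.normalize("NFKC", decoded)
    return " ".join(folded.split()).lower()

def is_ai_ad_lure(raw_message: str) -> bool:
    """True when the subject matches the invitation wording."""
    return LURE.search(normalized_subject(raw_message)) is not None

# Constructed sample messages (not taken from the campaign).
SAMPLES = {
    "plain": "Subject: Google Gemini LLC has invited you to test "
             "Google Gemini Advertising\n\nbody",
    "encoded": "Subject: =?utf-8?Q?ChatGPT_has_invited_you_to_test_"
               "OpenAI_Advertising?=\n\nbody",
    "folded": "Subject: ChatGPT has invited you to test\n"
              "  OpenAI   Advertising\n\nbody",
    "benign": "Subject: Gemini API quota update for your project\n\nbody",
}

def flagged(samples: dict) -> list:
    """Names of the sample messages whose subject matches the lure."""
    return sorted(name for name, raw in samples.items() if is_ai_ad_lure(raw))

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

A subject match alone is a triage signal; pair it with sender authentication results before quarantining.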
Please click HERE to read the entire article. We welcome your questions; please ask them by posting a comment below.
Thank you for reading,
Hiwot