CINXE.COM

<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="http://gmpg.org/xfn/11"> <link rel="pingback" href="https://news.sophos.com/xmlrpc.php"> <link rel="alternate" hreflang="es-419" href="https://news.sophos.com/es-419/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="nl-nl" href="https://news.sophos.com/nl-nl/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="pt-br" href="https://news.sophos.com/pt-br/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="de-de" href="https://news.sophos.com/de-de/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="en-us" href="https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="fr-fr" href="https://news.sophos.com/fr-fr/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="es-es" href="https://news.sophos.com/es-es/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="it-it" href="https://news.sophos.com/it-it/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="ja-jp" href="https://news.sophos.com/ja-jp/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" /> <link rel="alternate" hreflang="zh-tw" href="https://news.sophos.com/zh-tw/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash" />  <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-TW8W88B');</script>  <script type="text/javascript"> /* <![CDATA[ */ (()=>{var e={};e.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),function({ampUrl:n,isCustomizePreview:t,isAmpDevMode:r,noampQueryVarName:o,noampQueryVarValue:s,disabledStorageKey:i,mobileUserAgents:a,regexRegex:c}){if("undefined"==typeof sessionStorage)return;const d=new RegExp(c);if(!a.some((e=>{const n=e.match(d);return!(!n||!new RegExp(n[1],n[2]).test(navigator.userAgent))||navigator.userAgent.includes(e)})))return;e.g.addEventListener("DOMContentLoaded",(()=>{const e=document.getElementById("amp-mobile-version-switcher");if(!e)return;e.hidden=!1;const n=e.querySelector("a[href]");n&&n.addEventListener("click",(()=>{sessionStorage.removeItem(i)}))}));const g=r&&["paired-browsing-non-amp","paired-browsing-amp"].includes(window.name);if(sessionStorage.getItem(i)||t||g)return;const u=new URL(location.href),m=new URL(n);m.hash=u.hash,u.searchParams.has(o)&&s===u.searchParams.get(o)?sessionStorage.setItem(i,"1"):m.href!==u.href&&(window.stop(),location.replace(m.href))}({"ampUrl":"https:\/\/news.sophos.com\/en-us\/2023\/05\/17\/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash\/?amp=1","noampQueryVarName":"noamp","noampQueryVarValue":"mobile","disabledStorageKey":"amp_mobile_redirect_disabled","mobileUserAgents":["Mobile","Android","Silk\/","Kindle","BlackBerry","Opera Mini","Opera Mobi"],"regexRegex":"^\\\/((?:.|\\n)+)\\\/([i]*)$","isCustomizePreview":false,"isAmpDevMode":false})})(); /* ]]> */ </script> <title>“FleeceGPT” mobile apps target AI-curious to rake in cash – Sophos News</title> <meta name='robots' content='max-image-preview:large' /> <style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>  <meta name="google-site-verification" content="8r1qg681OjOolfxmHEY1IYupmTBdyKXc-OPfpgeQHFk" /> <link rel='dns-prefetch' href='//unpkg.com' /> <link rel='dns-prefetch' href='//stats.wp.com' /> <link rel='dns-prefetch' href='//v0.wordpress.com' /> <link rel="alternate" type="application/rss+xml" title="Sophos News » Feed" href="https://news.sophos.com/feed/" /> <link rel="alternate" type="application/rss+xml" title="Sophos News » Comments Feed" href="https://news.sophos.com/comments/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/news.sophos.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.1"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <style id='wp-emoji-styles-inline-css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='all-css-2' href='https://news.sophos.com/wp-includes/css/dist/block-library/style.min.css?m=1732206022g' type='text/css' media='all' /> <style id='safe-svg-svg-icon-style-inline-css'> .safe-svg-cover{text-align:center}.safe-svg-cover .safe-svg-inside{display:inline-block;max-width:100%}.safe-svg-cover svg{height:100%;max-height:100%;max-width:100%;width:100%} </style> <link rel='stylesheet' id='all-css-6' href='https://news.sophos.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpobGxkZmBkYGQMARIMu1Q==' type='text/css' media='all' /> <style id='jetpack-sharing-buttons-style-inline-css'> .jetpack-sharing-buttons__services-list{display:flex;flex-direction:row;flex-wrap:wrap;gap:0;list-style-type:none;margin:5px;padding:0}.jetpack-sharing-buttons__services-list.has-small-icon-size{font-size:12px}.jetpack-sharing-buttons__services-list.has-normal-icon-size{font-size:16px}.jetpack-sharing-buttons__services-list.has-large-icon-size{font-size:24px}.jetpack-sharing-buttons__services-list.has-huge-icon-size{font-size:36px}@media print{.jetpack-sharing-buttons__services-list{display:none!important}}.editor-styles-wrapper .wp-block-jetpack-sharing-buttons{gap:0;padding-inline-start:0}ul.jetpack-sharing-buttons__services-list.has-background{padding:1.25em 2.375em} </style> <style id='co-authors-plus-coauthors-style-inline-css'> .wp-block-co-authors-plus-coauthors.is-layout-flow [class*=wp-block-co-authors-plus]{display:inline} </style> <style id='co-authors-plus-avatar-style-inline-css'> .wp-block-co-authors-plus-avatar :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-avatar :where(img){vertical-align:middle}.wp-block-co-authors-plus-avatar:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-avatar.aligncenter{display:table;margin-inline:auto} </style> <style id='co-authors-plus-image-style-inline-css'> .wp-block-co-authors-plus-image{margin-bottom:0}.wp-block-co-authors-plus-image :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-image :where(img){vertical-align:middle}.wp-block-co-authors-plus-image:is(.alignfull,.alignwide) :where(img){width:100%}.wp-block-co-authors-plus-image:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-image.aligncenter{display:table;margin-inline:auto} </style> <style id='elasticpress-facet-style-inline-css'> .widget_ep-facet input[type=search],.wp-block-elasticpress-facet input[type=search]{margin-bottom:1rem}.widget_ep-facet .searchable .inner,.wp-block-elasticpress-facet .searchable .inner{max-height:20em;overflow:scroll}.widget_ep-facet .term.hide,.wp-block-elasticpress-facet .term.hide{display:none}.widget_ep-facet .empty-term,.wp-block-elasticpress-facet .empty-term{opacity:.5;position:relative}.widget_ep-facet .empty-term:after,.wp-block-elasticpress-facet .empty-term:after{bottom:0;content:" ";display:block;left:0;position:absolute;right:0;top:0;width:100%;z-index:2}.widget_ep-facet .level-1,.wp-block-elasticpress-facet .level-1{padding-left:20px}.widget_ep-facet .level-2,.wp-block-elasticpress-facet .level-2{padding-left:40px}.widget_ep-facet .level-3,.wp-block-elasticpress-facet .level-3{padding-left:60px}.widget_ep-facet .level-4,.wp-block-elasticpress-facet .level-4{padding-left:5pc}.widget_ep-facet .level-5,.wp-block-elasticpress-facet .level-5{padding-left:75pt}.widget_ep-facet input[disabled],.wp-block-elasticpress-facet input[disabled]{cursor:pointer;opacity:1}.widget_ep-facet .term a,.wp-block-elasticpress-facet .term a{-webkit-box-align:center;-ms-flex-align:center;align-items:center;display:-webkit-box;display:-ms-flexbox;display:flex;position:relative}.widget_ep-facet .term a:hover .ep-checkbox,.wp-block-elasticpress-facet .term a:hover .ep-checkbox{background-color:#ccc}.ep-checkbox{-webkit-box-align:center;-ms-flex-align:center;-ms-flex-negative:0;-webkit-box-pack:center;-ms-flex-pack:center;align-items:center;background-color:#eee;display:-webkit-box;display:-ms-flexbox;display:flex;flex-shrink:0;height:1em;justify-content:center;margin-right:.25em;width:1em}.ep-checkbox:after{border:solid #fff;border-width:0 .125em .125em 0;content:"";display:none;height:.5em;-webkit-transform:rotate(45deg);transform:rotate(45deg);width:.25em}.ep-checkbox.checked{background-color:#5e5e5e}.ep-checkbox.checked:after{display:block} </style> <link rel='stylesheet' id='all-css-18' href='https://news.sophos.com/wp-content/mu-plugins/search/elasticpress/dist/css/related-posts-block-styles.min.css?m=1730999764g' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='all-css-22' href='https://news.sophos.com/wp-content/themes/sophosnews-2017/style-2021.css?m=1722941894g' type='text/css' media='all' /> <script type="text/javascript" src="https://news.sophos.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraG5sZGRgZmBkXEWAK8tIhI=" ></script><link rel="https://api.w.org/" href="https://news.sophos.com/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://news.sophos.com/wp-json/wp/v2/posts/91660" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://news.sophos.com/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress 6.7.1" /> <link rel="canonical" href="https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/" /> <link rel='shortlink' href='https://news.sophos.com/?p=91660' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://news.sophos.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2023%2F05%2F17%2Ffleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash%2F" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://news.sophos.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fnews.sophos.com%2Fen-us%2F2023%2F05%2F17%2Ffleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash%2F&format=xml" /> <link rel="me" href="https://infosec.exchange/@SophosXOps"/> <link rel="alternate" type="text/html" media="only screen and (max-width: 640px)" href="https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/?amp=1"> <style>img#wpstats{display:none}</style> <link rel="amphtml" href="https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/?amp=1"><style>#amp-mobile-version-switcher{left:0;position:absolute;width:100%;z-index:100}#amp-mobile-version-switcher>a{background-color:#444;border:0;color:#eaeaea;display:block;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen-Sans,Ubuntu,Cantarell,Helvetica Neue,sans-serif;font-size:16px;font-weight:600;padding:15px 0;text-align:center;-webkit-text-decoration:none;text-decoration:none}#amp-mobile-version-switcher>a:active,#amp-mobile-version-switcher>a:focus,#amp-mobile-version-switcher>a:hover{-webkit-text-decoration:underline;text-decoration:underline}</style>  <meta property="og:type" content="article" /> <meta property="og:title" content="“FleeceGPT” mobile apps target AI-curious to rake in cash" /> <meta property="og:url" content="https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/" /> <meta property="og:description" content="Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype" /> <meta property="article:published_time" content="2023-05-17T10:00:36+00:00" /> <meta property="article:modified_time" content="2023-05-17T10:03:09+00:00" /> <meta property="og:site_name" content="Sophos News" /> <meta property="og:image" content="https://news.sophos.com/wp-content/uploads/2023/05/fleeceware.png?w=640" /> <meta property="og:image:secure_url" content="https://news.sophos.com/wp-content/uploads/2023/05/fleeceware.png?w=640" /> <meta property="og:image:width" content="640" /> <meta property="og:image:height" content="359" /> <meta property="og:image:alt" content="" /> <meta property="og:locale" content="en_US" /> <meta property="fb:admins" content="28552295016" /> <meta name="twitter:text:title" content="“FleeceGPT” mobile apps target AI-curious to rake in cash" /> <meta name="twitter:image" content="https://news.sophos.com/wp-content/uploads/2023/05/fleeceware.png?w=640" /> <meta name="twitter:card" content="summary_large_image" />  <link rel="icon" href="https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=32" sizes="32x32" /> <link rel="icon" href="https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=192" sizes="192x192" /> <link rel="apple-touch-icon" href="https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=180" /> <meta name="msapplication-TileImage" content="https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=270" /> <style type="text/css" id="wp-custom-css"> .entry-content .embed-vimeo iframe, .entry-content .embed-youtube iframe { aspect-ratio: 16/9; width: 100%; height: auto; } </style> </head> <body class="post-template-default single single-post postid-91660 single-format-standard group-blog">  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TW8W88B" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>  <div id="page" class="hfeed site"> <a class="sr-only" href="#content">Skip to content</a> <header class="bg-blue-600" x-data="{ mobileMenu: false, searchField: false }"> <div class="container"> <div class="flex items-center justify-between h-16">  <div class="flex-shrink-0"> <a class="site-logo" href="https://news.sophos.com/en-us/" rel="home"> <svg width="172" height="17" xmlns="http://www.w3.org/2000/svg"> <g fill="#FFF" fill-rule="evenodd"> <path d="M113.024 5.298V16.74h-2.595V.259h2.265l7.997 11.49V.26h2.619v16.482h-2.289l-7.997-11.443M126.064.259h10.78v2.307H128.8v4.521h7.549v2.214h-7.55v5.133h8.376v2.307h-11.111V.259M138.478.259h2.855l2.694 12.29L147.29.26h2.783l3.61 12.314L156.005.26h2.783l-3.62 16.482h-2.76l-3.751-12.126-3.426 12.126h-2.784L138.478.259M168.933 4.968v-.283c0-1.318-.778-2.425-3.492-2.425-2.43 0-3.279 1.013-3.279 2.284 0 1.201.708 1.743 2.218 2.073l3.491.776c2.123.448 4.129 1.602 4.129 4.333 0 3.014-1.675 5.274-6.204 5.274-5.214 0-6.559-2.26-6.559-4.52v-.307h2.737v.26c0 1.2.755 2.284 3.774 2.284 2.5 0 3.421-1.084 3.421-2.638 0-1.224-.731-1.907-2.289-2.237l-3.49-.777c-2.407-.517-3.917-1.742-3.917-4.309 0-2.566 1.77-4.756 6.016-4.756 4.553 0 6.18 2.26 6.18 4.639v.33h-2.736M85.303 16.718h8.88c2.492 0 3.549-.15 4.379-.677 1.308-.803 2.139-2.378 2.139-4.162 0-1.457-.504-2.868-1.258-3.622-.981-1.006-2.316-1.382-4.783-1.382h-2.693c-1.208 0-2.097-.05-2.6-.276-.605-.277-.956-.81-.956-1.562 0-.88.427-1.455 1.132-1.632.529-.124 1.14-.124 2.726-.15h7.949V.265h-8.754c-1.963 0-2.843.075-3.598.353-1.737.602-2.921 2.383-2.921 4.518 0 1.458.58 2.745 1.587 3.624.881.753 2.189 1.105 4.202 1.105h3.584c.805 0 1.46.1 1.813.3.678.327 1.08.934 1.08 1.714 0 .652-.301 1.122-.83 1.447-.426.278-1.158.403-2.49.403h-8.588v2.99zm-84.945 0h8.88c2.492 0 3.549-.15 4.38-.677 1.307-.803 2.138-2.378 2.138-4.162 0-1.457-.504-2.868-1.258-3.622-.982-1.006-2.316-1.382-4.783-1.382H7.023c-1.209 0-2.098-.05-2.6-.276-.605-.277-.957-.81-.957-1.562 0-.88.427-1.455 1.132-1.632.53-.124 1.141-.124 2.726-.15h7.95V.265H6.52c-1.964 0-2.844.075-3.6.353C1.185 1.22 0 3 0 5.136 0 6.594.582 7.881 1.587 8.76c.881.753 2.19 1.105 4.203 1.105h3.582c.807 0 1.46.1 1.814.3.678.327 1.08.934 1.08 1.714 0 .652-.3 1.122-.83 1.447-.426.278-1.157.403-2.49.403H.358v2.99zM71.99 4.596c-.52.813-.765 2.118-.765 3.87 0 3.845 1.331 5.595 4.294 5.595 2.915 0 4.248-1.75 4.248-5.546 0-3.847-1.308-5.571-4.248-5.571-1.604 0-2.864.592-3.53 1.652zm10.05-1.897c1.013 1.33 1.58 3.498 1.58 6.039 0 2.882-.914 5.249-2.544 6.555-1.233.986-3.11 1.528-5.335 1.528-3.16 0-5.654-1.037-6.937-2.884-.964-1.355-1.435-3.155-1.435-5.35 0-3.152.866-5.544 2.495-6.826C71.149.726 73.175.158 75.497.158c2.938 0 5.284.913 6.543 2.54zM65.36.279h-3.507v6.73h-6.345V.278h-3.507v16.439h3.507V9.94h6.345v6.778h3.506V.278zM43.533 8.042c.938 0 1.48-.123 1.852-.469.442-.37.715-1.158.715-2.07 0-1.084-.443-1.872-1.208-2.144-.272-.1-.717-.149-1.286-.149h-4.839v4.832h4.766zm-4.766 8.674h-3.507V.278h8.223c2.889 0 3.902.295 4.988 1.504.964 1.036 1.481 2.39 1.481 3.845 0 1.725-.69 3.327-1.826 4.289-.962.813-1.854 1.058-3.728 1.058h-5.63v5.743zM21.665 4.596c-.519.813-.764 2.118-.764 3.87 0 3.845 1.333 5.595 4.297 5.595 2.913 0 4.247-1.75 4.247-5.546 0-3.847-1.308-5.571-4.247-5.571-1.606 0-2.866.592-3.533 1.652zm10.052-1.897c1.014 1.33 1.581 3.498 1.581 6.039 0 2.882-.914 5.249-2.545 6.555-1.233.986-3.11 1.528-5.333 1.528-3.162 0-5.656-1.037-6.94-2.884-.964-1.355-1.432-3.155-1.432-5.35 0-3.152.865-5.544 2.496-6.826C20.825.726 22.85.158 25.173.158c2.938 0 5.286.913 6.544 2.54z"/> </g> </svg> </a> </div>  <div class="lg:flex justify-end flex-grow hidden" x-show="searchField" x-cloak> <div class="relative w-1/2 rounded-md shadow-sm"> <form role="search" method="get" action="https://news.sophos.com/en-us/"> <input type="text" class="block w-full text-lg text-white placeholder-gray-100 bg-blue-800 border-0 rounded-md font-sansMedium font-medium" placeholder="Type to Search News" x-ref="searchInput" name="s" /> <div class="absolute inset-y-0 right-0 flex items-center px-3"> <button class="hover:opacity-100 opacity-60 p-1 text-xs text-white uppercase rounded-full cursor-pointer" type="submit" > Search </button> </div> </form> </div> </div>  <div class="lg:flex items-center flex-grow hidden" x-show="!searchField" x-cloak> <div class="flex ml-auto"> <ul id="menu-en-us-primary" class="primary-menu"><li id="menu-item-77773" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-77773"><a href="https://news.sophos.com/en-us/category/products-services/">Products & Services<div class="menu-item-description"></div></a></li> <li id="menu-item-77772" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-77772"><a href="https://news.sophos.com/en-us/category/security-operations/">Security Operations<div class="menu-item-description"></div></a></li> <li id="menu-item-77774" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-77774"><a href="https://news.sophos.com/en-us/category/threat-research/">Threat Research<div class="menu-item-description"></div></a></li> <li id="menu-item-85326" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-85326"><a href="https://news.sophos.com/en-us/category/ai-research/">AI Research<div class="menu-item-description"></div></a></li> <li id="menu-item-951374" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-951374"><a href="https://news.sophos.com/en-us/category/serious-security/">Naked Security<div class="menu-item-description"></div></a></li> <li id="menu-item-83702" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-83702"><a href="https://news.sophos.com/en-us/category/sophos-life/">Sophos Life<div class="menu-item-description"></div></a></li> </ul> </div> </div>  <div class="lg:block hidden ml-4"> <div class="flex items-center"> <button class="border-2 border-transparent hover:border-white inline-flex items-center justify-center p-2 text-white rounded-md focus:outline-none transition-colors" @click.prevent="searchField = !searchField; $nextTick(() => { setTimeout(() => { $refs.searchInput.focus(); }, 150);});" > <span class="sr-only">Search</span>  <svg class="w-5 h-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" :class="{ 'block': !searchField, 'hidden': searchField }" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" /> </svg> <svg class="hidden w-5 h-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true" :class="{ 'block': searchField, 'hidden': !searchField }" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M6 18L18 6M6 6l12 12" /> </svg> </button> </div> </div>  <div class="lg:hidden flex -mr-2"> <button type="button" class="hover:text-white hover:bg-blue-800 focus:outline-none hover:ring-2 focus:ring-offset-2 focus:ring-offset-gray-300 focus:ring-white inline-flex items-center justify-center p-2 text-white rounded-md" aria-controls="mobile-menu" aria-expanded="false" @click="mobileMenu = !mobileMenu" > <span class="sr-only">Open main menu</span>  <svg class="block w-6 h-6" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" :class="{ 'block': !mobileMenu, 'hidden': mobileMenu }" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M4 6h16M4 12h16m-7 6h7" /> </svg>  <svg class="hidden w-6 h-6" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true" :class="{ 'block': mobileMenu, 'hidden': !mobileMenu }" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M6 18L18 6M6 6l12 12" /> </svg> </button> </div> </div> </div>  <div class="lg:hidden container" x-show="mobileMenu" x-cloak x-transition:enter="transition-all ease-out duration-100" x-transition:enter-start="transform opacity-0 scale-95" x-transition:enter-end="transform opacity-100 scale-100" x-transition:leave="transition ease-in duration-75" x-transition:leave-start="transform opacity-100 scale-100" x-transition:leave-end="transform opacity-0 scale-95" > <div class="pt-2 pb-8 space-y-2"> <div class="relative rounded-md shadow-sm"> <form role="search" method="get" action="https://news.sophos.com/en-us/"> <input type="text" class="focus:ring-blue-600 focus:border-blue-600 sm:text-sm block w-full placeholder-gray-600 border-gray-300 rounded-md" placeholder="Search News" name="s" /> <div class="absolute inset-y-0 right-0 flex items-center px-3 pointer-events-none" > <button class="p-1 text-gray-500 rounded-full" type="submit"> <span class="sr-only">Search</span>  <svg class="w-4 h-4" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" /> </svg> </button> </div> </form> </div> <ul id="menu-en-us-primary-1" class="mobile-menu"><li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-77773"><a href="https://news.sophos.com/en-us/category/products-services/">Products & Services<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-77772"><a href="https://news.sophos.com/en-us/category/security-operations/">Security Operations<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-77774"><a href="https://news.sophos.com/en-us/category/threat-research/">Threat Research<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-85326"><a href="https://news.sophos.com/en-us/category/ai-research/">AI Research<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-951374"><a href="https://news.sophos.com/en-us/category/serious-security/">Naked Security<div class="menu-item-description"></div></a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-83702"><a href="https://news.sophos.com/en-us/category/sophos-life/">Sophos Life<div class="menu-item-description"></div></a></li> </ul> </div> </div> </header> <div id="content"> <div id="primary" class="content-area"> <main id="main" class="site-main" role="main"> <article id="post-91660" class="post-91660 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-research tag-android tag-chatgpt tag-featured tag-fleeceware tag-ios tag-sophos-x-ops region-en-us"> <div class="md:mt-16 container mt-8"> <div class="relative max-w-5xl mx-auto"> <div class="aspect-w-16 aspect-h-9 flex bg-gray-400 bg-right bg-no-repeat bg-cover" > <img width="1200" height="673" src="https://news.sophos.com/wp-content/uploads/2023/05/fleeceware.png?w=1200" class="object-cover wp-post-image" alt="" decoding="async" fetchpriority="high" srcset="https://news.sophos.com/wp-content/uploads/2023/05/fleeceware.png 1456w, https://news.sophos.com/wp-content/uploads/2023/05/fleeceware.png?resize=300,168 300w, https://news.sophos.com/wp-content/uploads/2023/05/fleeceware.png?resize=768,430 768w, https://news.sophos.com/wp-content/uploads/2023/05/fleeceware.png?resize=1024,574 1024w" sizes="(max-width: 1200px) 100vw, 1200px" /> </div> <div class="left-4 w-24 h-24 lg:left-12 xl:left-16 lg:w-40 lg:h-40 place-items-center absolute top-0 grid " > <img src="https://news.sophos.com/wp-content/uploads/2022/07/Category-Icon-X-Ops-v2.png" alt="Threat Research" /> </div> </div> </div> <header> <div class="container mt-8 md:mt-16 md:-mb-4"> <div class="max-w-4xl mx-auto"> <h1 class="text-style-h1 mb-8">“FleeceGPT” mobile apps target AI-curious to rake in cash</h1> <div class="text-xl md:text-2xl -mt-2 mb-6"> Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype </div> <div class="text-xl md:text-xl -mt-2"> <span class="byline"> Written by <span class="author vcard"> <a href="https://news.sophos.com/en-us/author/jagadeesh-chandraiah/" title="Posts by Jagadeesh Chandraiah" class="author url fn" rel="author">Jagadeesh Chandraiah</a>, </span> <span class="author vcard"> <a href="https://news.sophos.com/en-us/author/sean-gallagher/" title="Posts by Sean Gallagher" class="author url fn" rel="author">Sean Gallagher</a> </span> </span> </div> <div class="text-sophos-gray-600 mt-4 text-xs font-sansSemiBold font-semibold leading-tight uppercase"> <span class="posted-on"><a href="https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/" rel="bookmark">May 17, 2023</a></span> </div> <div class="mt-6 space-y-2 space-x-1"> <a href="https://news.sophos.com/en-us/category/threat-research/" class="category-tag-pill">Threat Research</a> <a href="https://news.sophos.com/en-us/tag/android/" class="category-tag-pill">Android</a> <a href="https://news.sophos.com/en-us/tag/chatgpt/" class="category-tag-pill">ChatGPT</a> <a href="https://news.sophos.com/en-us/tag/featured/" class="category-tag-pill">featured</a> <a href="https://news.sophos.com/en-us/tag/fleeceware/" class="category-tag-pill">Fleeceware</a> <a href="https://news.sophos.com/en-us/tag/ios/" class="category-tag-pill">iOS</a> <a href="https://news.sophos.com/en-us/tag/sophos-x-ops/" class="category-tag-pill">Sophos X-Ops</a> </div> </div> </div> </header> <div class="container md:my-16 xl:my-24 my-8"> <div class="entry-content lg:prose-lg mx-auto prose max-w-4xl"> <p>OpenAI’s ChatGPT, the large-language-model-powered artificial intelligence application, has dominated technology media coverage and permeated popular culture. Hoping to cash in on curiosity about ChatGPT, we’ve seen a spike in mobile apps claiming connection to the AI platform that fall into a category we refer to as <a href="https://vb2020.vblocalhost.com/uploads/VB2020-Chandraiah.pdf">“fleeceware,”</a> apps that have behaviors similar to these:</p> <ul> <li>Their functionality is available for free through either the mobile OS itself or other sources online.</li> <li>They push the user toward enrolling in a short free trial that converts to a high recurring subscription charge to rake in money from unsuspecting users.</li> <li>They use intrusive advertising and other features to make the free version barely useable and to push the user toward the subscription.</li> </ul> <p>Both <a href="https://developer.apple.com/app-store/review/guidelines/#business">Apple</a> and <a href="https://support.google.com/googleplay/android-developer/answer/9900533?hl=en&ref_topic=9857752#zippy=%2Cexamples-of-violations">Google</a> have store guidelines intended to prevent app fraud, and these guidelines have evolved in response to earlier generations of fleeceware. When we <a href="https://news.sophos.com/en-us/2019/09/25/fleeceware-apps-overcharge-users-for-basic-app-functionality/">first</a> wrote about fleeceware back in 2020, some of these apps were charging more than $200 per month. New app store policies were intended to curb <a href="https://news.sophos.com/en-us/2020/08/19/truth-in-advertising-policy-fails-to-curb-fleeceware/">this</a>; for example, developers have to be upfront about their subscription fees, and have to allow users to cancel free trials before incurring any charges.</p> <p>Since then we have seen fleeceware evolve to circumvent those policies. In addition to repeated prompts to subscribe users, ranging from $9.99 to $69.99 on the apps, they also use tactics such as tightly limiting app usage and functionality without a subscription.</p> <p>Because fleeceware applications are designed to stay on the edge of Apple and Google terms of service and do not access private information or attempt to circumvent platform security, they are rarely rejected during review and are allowed into the app stores. And these apps not only generate cash for the underhanded developers, but also enrich the platform owners through <a href="https://developer.apple.com/app-store/subscriptions/">their cuts of app store</a> sales—in the case of Apple, that’s 30% in the first year and 15% from the second year. As a result, there’s little financial incentive for Apple or Google to remove them despite their near-zero functionality and abuse of stores’ reviews systems to artificially boost their credibility.</p> <p>Using a combination of advertising within and outside of the app stores and fake reviews that game the rating systems of the stores, the developers of these misleading apps are able to lure unsuspecting device users into downloading them, often with “free trial” versions that then kick in automatic recurring subscription fees that users may not know are coming, or prompt them to buy subscription to “pro” versions that promise greater functionality but fail to deliver.</p> <p>The prime characteristics that make an app “fleeceware” are charging for functionality that is already free elsewhere, and the use of social engineering or coercive features to get users to sign up for a subscription to generate regular cash flow, as opposed to paying a one-time charge. While OpenAI offers an API for GPT and ChatGPT to developers at a rate that amounts to about $0.06 US for every 750 words of output, and has offered a $20-a-month “pro” subscription to the latest ChatGPT (which guarantees availability during peak usage and provides early access to new functionality), the basic functionality of ChatGPT is available freely to users through OpenAI’s website. All of the apps were offered as free (with little or no mention of subscriptions required to unlock basic functionality), had aggressive monetization tactics, and came with default subscription rates that were in many cases not in line with the functionality they provided.</p> <p>We have reported the apps we found to Google and Apple. Some we were investigating were pulled from the store before we could report them. Google has responded and removed some of the apps we found, and Apple has acknowledged our input on the apps though no action has been taken at this time. We also reported ads for these apps on platforms where we found them.</p> <h2>Limited intelligence</h2> <p>Our investigation into fleeceware chatbot apps (“FleeceGPT”) began when Sophos X-Ops principal researcher Andrew Brandt recently spotted an advertisement on a mobile news application for an Android application called “Chat GBT.” The <a href="https://play.google.com/store/apps/details?id=chatgpt.openai.gpt.chat">Google Play Store listing</a> included a logo that looked like the OpenAI logo for ChatGPT, and the developers call it “an alternative to chat GPT,” while also claiming, “We’ve trained a model called Chat GPT.”</p> <figure id="attachment_91701" aria-describedby="caption-attachment-91701" style="width: 640px" class="wp-caption alignnone"><a href="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT1.png"><img decoding="async" class="size-full wp-image-91701" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT1.png" alt="A Google Play store listing for Chat GBT." width="640" height="424" srcset="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT1.png 1176w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT1.png?resize=300,199 300w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT1.png?resize=768,509 768w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT1.png?resize=1024,679 1024w" sizes="(max-width: 640px) 100vw, 640px" /></a><figcaption id="caption-attachment-91701" class="wp-caption-text">Figure 1: The Google Play page for Chat GBT, now removed.</figcaption></figure> <p>But a quick download of the app revealed that it follows a pattern <a href="https://news.sophos.com/en-us/2020/08/19/truth-in-advertising-policy-fails-to-curb-fleeceware/">we’ve seen previously in other types of “fleeceware”</a>. The “free” app was advertising-heavy, and locked after just three uses—prompting users to pay for a subscription to upgrade the software for further uses. The default option for the three-day trial is a monthly $10 subscription that kicks in automatically after the trial ends; alternatively, the user can pay $30 upfront for an annual subscription. If the user opts for for annual subscription they’ll keep paying that $30 every year until they unsubscribe—a much more profitable option for the fleeceware developer.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-1-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FLeecegpt2a.png","id":"91700","title":"FLeecegpt2a","alt":"","caption":"Figure 2. Screenshots of Chat GBT, showing fleeceware behaviors\u2014advertising, interrupting for reviews, and a free trial that ends in a $10 a month subscription.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FLeeceGPT2b.png","id":"91699","title":"FLeeceGPT2b","alt":"","caption":"Figure 2. Screenshots of Chat GBT, showing fleeceware behaviors\u2014advertising, interrupting for reviews, and a free trial that ends in a $10 a month subscription.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/fleecegpt2c.png","id":"91698","title":"fleecegpt2c","alt":"","caption":"Figure 2. Screenshots of Chat GBT, showing fleeceware behaviors\u2014advertising, interrupting for reviews, and a free trial that ends in a $10 a month subscription.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p>The ”pro” features that users pay for are essentially the same as available for free to registered users of ChatGPT—that is, if and when they work. Mixed in with the thousands of brief four-star reviews are comments from people who downloaded the app and found it didn’t work—either it only showed ads, or failed to respond to questions when unlocked. One user reported that the “reply to every message is ‘sorry, I could not understand your message.’”</p> <p>We found a nearly identical app with a different name from the same developer on the <a href="https://apps.apple.com/us/app/open-chat-ai-chatbot/id1573689978">Apple App Store for iOS</a>.</p> <figure id="attachment_91697" aria-describedby="caption-attachment-91697" style="width: 468px" class="wp-caption alignnone"><a href="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT3.png"><img decoding="async" class="wp-image-91697 size-full" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT3.png" alt="Figure 3. the iOS version of Chat GBT, Ask AI Assistant." width="468" height="344" srcset="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT3.png 468w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT3.png?resize=300,221 300w" sizes="(max-width: 468px) 100vw, 468px" /></a><figcaption id="caption-attachment-91697" class="wp-caption-text">Figure 3. the iOS version of Chat GBT, Ask AI Assistant.</figcaption></figure> <p>Called GAI Assistant, it behaved in the same fashion as the Android version we examined—users were limited to three inputs per day before being locked out and prompted to enroll in a free 3-day trial, which would automatically become a $6 US (or £6 for UK users) weekly subscription fee.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-2-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT4a-e1683820003874.png","id":"91696","title":"FleeceGPT4a","alt":"","caption":"Figure 4: Limited input, with a prompt for a free trial.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT4b.png","id":"91695","title":"FleeceGPT4b","alt":"","caption":"Figure 4: Limited input, with a prompt for a free trial.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p>After a recent update, it behaved in a slightly different way, responding to all prompts with an abbreviated version of the reply and a “Read More” link at the end. It’s clear that it’s using OpenAI’s ChatGPT API, but it does not return any full, useful replies.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-3-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT5a.jpg","id":"91694","title":"FleeceGPT5a","alt":"","caption":"Figure 5. Abbreviated responses, limited queries.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT5b.jpg","id":"91693","title":"FleeceGPT5b","alt":"","caption":"Figure 5. Abbreviated responses, limited queries.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT5c.jpg","id":"91692","title":"FleeceGPT5c","alt":"Figure 5. Abbreviated responses, limited queries.","caption":"Figure 5. Abbreviated responses, limited queries.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p>Tapping the “read more” link brings up a prompt for users to enroll for the three-day free trial or prepay for a monthly or annual subscription. And the interface now has a 10 query-per-day limit, again prompting the user to “go premium” when that limit is reached.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-4-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FLeeceGPT6a.png","id":"91691","title":"FLeeceGPT6a","alt":"","caption":"Figure 6. :\u201d Expanding\u201d reply takes user to an upgrade screen\u2014that defaults to a $6 a week subscription.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FLeeceGPT6b-e1683823647474.png","id":"91690","title":"FLeeceGPT6b","alt":"","caption":"Figure 6. :\u201d Expanding\u201d reply takes user to an upgrade screen\u2014that defaults to a $6 a week subscription.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p>According to the app tracker Sensor Tower, the Android app had <a href="https://app.sensortower.com/android/publisher/publisher/MAPLE%2BLABS%2BCO.%2C%2BLTD">brought in under $5,000 in March</a> , while the <a href="https://app.sensortower.com/ios/publisher/publisher/1320450180">iOS version</a> had yielded over $10,000 in revenue in March. That’s despite a pile of negative reviews that have begun to put a dent in the impact of dozens of fake 5-star reviews:</p> <figure id="attachment_91689" aria-describedby="caption-attachment-91689" style="width: 640px" class="wp-caption alignnone"><a href="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT7.png"><img loading="lazy" decoding="async" class="wp-image-91689 size-full" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT7.png" alt="Screenshot of Apple App Store reviews" width="640" height="232" srcset="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT7.png 1286w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT7.png?resize=300,109 300w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT7.png?resize=768,278 768w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT7.png?resize=1024,371 1024w" sizes="auto, (max-width: 640px) 100vw, 640px" /></a><figcaption id="caption-attachment-91689" class="wp-caption-text">Figure 7: Negative reviews on Apple’s App Store make a small dent the app’s rating.</figcaption></figure> <p> </p> <p>In one of the visible reviews on the site, a user wrote, “The entire app is just one big ad hub. There is virtually no app.” The developers responded that the ads were necessary to fund development, and added, “If you don’t want to see the Ads you can purchase the Pro version of ChatGPT. Please rate us 5★ to support the team! Thank you for understanding!”</p> <p>Once a user assents to the 3-day trial, the app functioned mostly as advertised, and advertising disappeared. But aside from a bare-bones synthesized voice readback of responses, it’s not clear that the functionality exceeded what is available to users for free via mobile web browsers.</p> <h2>Copycats breed copycats</h2> <p>These developers aren’t the only ones trying to cash in on the buzz (and potential confusion) around ChatGPT. We found a number of other apps of a questionable nature on both the Play and Apple App stores—including ones that used almost exactly the same questionable naming to boost their results on store searches.</p> <p>In the Google Play store, we found another app that uses an almost identical advertisement to the first fleeceware AI app we identified:</p> <figure id="attachment_91688" aria-describedby="caption-attachment-91688" style="width: 621px" class="wp-caption alignnone"><a href="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT8.png"><img loading="lazy" decoding="async" class="wp-image-91688 size-full" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT8.png" alt="" width="621" height="365" srcset="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT8.png 621w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT8.png?resize=300,176 300w" sizes="auto, (max-width: 621px) 100vw, 621px" /></a><figcaption id="caption-attachment-91688" class="wp-caption-text">Figure 8. A look-alike app, once again using “Chat GBT”.</figcaption></figure> <p>This “chatbot” has similar habits: the “free” version is limited to 4 requests before locking and prompting the user to purchase a subscription or sign up for a free trial that converts to a monthly subscription.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-5-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT9a.png","id":"91687","title":"FleeceGPT9a","alt":"","caption":"Figure 9. The same fleeceware features with a different face.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT9b.png","id":"91686","title":"FleeceGPT9b","alt":"","caption":"Figure 9. The same fleeceware features with a different face.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT9c.png","id":"91685","title":"FleeceGPT9c","alt":"App screenshot","caption":"Figure 9. The same fleeceware features with a different face.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p> </p> <p>There were several other suspiciously-named apps in the Play store, but a few were pulled from the store during our research. And others, despite being buggy and carrying advertising, did not use typical fleeceware monetization methods.</p> <p>In the Apple App Store, we found several additional apps riding ChatGPT’s coattails that displayed fleeceware-like tactics. <a href="https://apps.apple.com/us/app/ai-chat-chatbot-ai-assistant/id1659730883">AIChatChatbot</a> (or, as it identifies itself in the app window “Pocket AI Chat”) mimics the OpenAI logo in its store listing.</p> <figure id="attachment_91684" aria-describedby="caption-attachment-91684" style="width: 523px" class="wp-caption alignnone"><a href="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT10.png"><img loading="lazy" decoding="async" class="wp-image-91684 size-full" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT10.png" alt="Apple App Store screenshot" width="523" height="402" srcset="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT10.png 523w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT10.png?resize=300,231 300w" sizes="auto, (max-width: 523px) 100vw, 523px" /></a><figcaption id="caption-attachment-91684" class="wp-caption-text">Figure 10. Another chatbot, with a different name than advertised.</figcaption></figure> <p>The interface itself is essentially a repackaged mobile site, and all content is generated remotely, including Google-served advertisements. There are several other behaviors that this app has in common with ones we’ve categorized as fleeceware in the past. First, there’s the types of permissions the app requests.</p> <figure id="attachment_91683" aria-describedby="caption-attachment-91683" style="width: 577px" class="wp-caption alignnone"><a href="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT11.jpg"><img loading="lazy" decoding="async" class="wp-image-91683 size-large" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT11.jpg?w=577" alt="" width="577" height="1024" srcset="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT11.jpg 687w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT11.jpg?resize=169,300 169w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT11.jpg?resize=577,1024 577w" sizes="auto, (max-width: 577px) 100vw, 577px" /></a><figcaption id="caption-attachment-91683" class="wp-caption-text">Figure 11. Never a good sign.</figcaption></figure> <p>When installing, the app requests permissions to track user activity across other apps and websites. While it does connect to ChatGPT through a back-end server run by the developer, and provides the response to the input, it is also sending back telemetry the developer claims will be used “to collect Crash Data in order to improve functionalities.”</p> <p>Like the other apps, it’s never really clear what the name of the app is. It is called “AI Chat – Chatbot AI Assistant” in the ad listing, and “Writing BOT Pocket AI” in the installation and user interface. Once installed, as with the others, the app also regularly interrupted application use with a window prompting for free trial signup—with automatic subscriptions at $8 a week—that could only be bypassed after waiting a few minutes for a window-closing “x” to appear. If not an outright violation of <a href="https://developer.apple.com/app-store/review/guidelines/#business">App Store policies</a> (“Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad”), this comes very close.</p> <p>Replies were also often interrupted by requests to rate the app—another practice that stretches the envelope of <a href="https://developer.apple.com/app-store/review/guidelines/#business">Apple policy</a> (“Apps must not force users to rate the app, review the app, download other apps, or other similar actions in order to access functionality, content, or use of the app”).</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-6-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT12a.jpg","id":"91682","title":"FleeceGPT12a","alt":"","caption":"Figure 12. The same pitch, yet again.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT12b.jpg","id":"91681","title":"FleeceGPT12b","alt":"","caption":"Figure 12. The same pitch, yet again.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p> </p> <p> </p> <p>While there is no message limit if you’re willing to wait out the advertisements, there is a character limit for responses—likely driven by the version of the OpenAI API used by the back-end server. Responses appeared to be truncated at about 1000 characters to keep the number of GPT “tokens” used per request to a minimum.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-7-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT13a.png","id":"91680","title":"FleeceGPT13a","alt":"","caption":"Figure 13. Limited length responses.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT13b.png","id":"91679","title":"FleeceGPT13b","alt":"","caption":"Figure 13. There are also lots of ads that occasionally obscure the content.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p> </p> <p>Another ChatGPT offering on the Apple App Store with some fleeceware-like behaviors is the “<a href="https://apps.apple.com/us/app/genie-ai-chatbot/id1658377526">Genie AI Chatbot</a>.” The app’s listing advertises it as the “#1 AI Chatbot” and touts features including image recognition as well as the usual text generation capabilities associated with ChatGPT.</p> <figure id="attachment_91678" aria-describedby="caption-attachment-91678" style="width: 640px" class="wp-caption alignnone"><a href="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT14.png"><img loading="lazy" decoding="async" class="wp-image-91678 size-full" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT14.png" alt="App Store screen shot." width="640" height="516" srcset="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT14.png 654w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT14.png?resize=300,242 300w" sizes="auto, (max-width: 640px) 100vw, 640px" /></a><figcaption id="caption-attachment-91678" class="wp-caption-text">Figure 14: Genie claims to have a bunch of capabilities beyond just AI chat.</figcaption></figure> <p>There are a few fleeceware-like things about Genie, however. First, during installation, there are prompts to allow the app to track activities across other apps and websites, and to rate the app before it’s even fully launched. Genie also asks for permission to send notifications. These prompts are followed by one encouraging enrollment in a free trial or immediate enrollment in a longer subscription–$7 a week (totaling $364 a year), or an all-at-once $70 a year.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-8-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT15a.jpg?w=578","id":"91677","title":"FleeceGPT15a","alt":"","caption":"Figure 15: Genie\u2019s fleeceware-like features.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT15b.jpg?w=576","id":"91676","title":"FleeceGPT15b","alt":"","caption":"Figure 15: Genie\u2019s fleeceware-like features.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT15c.jpg?w=577","id":"91675","title":"FleeceGPT15c","alt":"","caption":"Figure 15: Genie\u2019s fleeceware-like features.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT15d.jpg?w=575","id":"91674","title":"FleeceGPT15d","alt":"","caption":"Figure 15: Genie\u2019s fleeceware-like features.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p>Unlike some of the others, Genie actually works at something approaching full advertised functionality without the trial or subscription—but only accepts 4 queries per day. It then prompts users with the trial offer again.</p> <div id='gallery-9' class='gallery galleryid-91660 gallery-columns-3 gallery-size-thumbnail'><figure class='gallery-item'> <div class='gallery-icon portrait'> <a href='https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/fleecegpt116a/'><img loading="lazy" decoding="async" width="150" height="150" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT116a.jpg?w=150&h=150&crop=1" class="attachment-thumbnail size-thumbnail" alt="" aria-describedby="gallery-9-91673" /></a> </div> <figcaption class='wp-caption-text gallery-caption' id='gallery-9-91673'> Figure 16. It works, until it doesn’t. </figcaption></figure><figure class='gallery-item'> <div class='gallery-icon portrait'> <a href='https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/fleecegpt16b/'><img loading="lazy" decoding="async" width="150" height="150" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT16b.jpg?w=150&h=150&crop=1" class="attachment-thumbnail size-thumbnail" alt="" aria-describedby="gallery-9-91672" /></a> </div> <figcaption class='wp-caption-text gallery-caption' id='gallery-9-91672'> Figure 16. It works, until it doesn’t. </figcaption></figure><figure class='gallery-item'> <div class='gallery-icon portrait'> <a href='https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/fleecegpt16c/'><img loading="lazy" decoding="async" width="150" height="150" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT16c.jpg?w=150&h=150&crop=1" class="attachment-thumbnail size-thumbnail" alt="" aria-describedby="gallery-9-91671" /></a> </div> <figcaption class='wp-caption-text gallery-caption' id='gallery-9-91671'> Figure 16. It works, until it doesn’t. </figcaption></figure> </div> <p>Figure 16. It works, until it doesn’t.</p> <p> </p> <p>This model appears to have been effective for Genie’s developers. According to <a href="https://app.sensortower.com/ios/publisher/publisher/1560806519">Sensor Tower</a>, the app has generated over $700,000 in revenue in just the last month.</p> <p>The third fleeceware-ish app we identified on the Apple App store was listed as “<a href="https://apps.apple.com/us/app/ai-chatbot-open-chat-writer/id1559479889">AI Chatbot-Open Chat Writer</a>”, but when installed called itself “AI Smith”.</p> <figure id="attachment_91670" aria-describedby="caption-attachment-91670" style="width: 612px" class="wp-caption alignnone"><a href="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT17.png"><img loading="lazy" decoding="async" class="wp-image-91670 size-full" src="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT17.png" alt="" width="612" height="473" srcset="https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT17.png 612w, https://news.sophos.com/wp-content/uploads/2023/05/FleeceGPT17.png?resize=300,232 300w" sizes="auto, (max-width: 612px) 100vw, 612px" /></a><figcaption id="caption-attachment-91670" class="wp-caption-text">Figure 17. AI Chatbot or AI Smith, the App Store listing looks terribly familiar.</figcaption></figure> <p> </p> <p>The screen shots on the listing site look nothing like the app that actually installs.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-9-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT18a.png?w=576","id":"91669","title":"FleeceGPT18a","alt":"","caption":"Figure 18. A cascade of \u201cinformational\u201d slides during install that serve no obvious function.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT18b.png?w=578","id":"91668","title":"FleeceGPT18b","alt":"","caption":"Figure 18. A cascade of \u201cinformational\u201d slides during install that serve no obvious function.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT18c.png?w=577","id":"91667","title":"FleeceGPT18c","alt":"","caption":"Figure 18. A cascade of \u201cinformational\u201d slides during install that serve no obvious function.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p>“AI Smith” has a five-message limit per day without a subscription, and those messages are interrupted by advertising and subscription screens, and constant requests for a rating.</p> <p class="jetpack-slideshow-noscript robots-nocontent">This slideshow requires JavaScript.</p><div id="gallery-91660-10-slideshow" class="jetpack-slideshow-window jetpack-slideshow jetpack-slideshow-black" data-trans="fade" data-autostart="1" data-gallery="[{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT19a.png?w=576","id":"91666","title":"FleeceGPT19a","alt":"","caption":"Figure 19. A gallery of screenshots showing AI Smith\u2019s fleecing functionality.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT19c.png?w=577","id":"91665","title":"FleeceGPT19c","alt":"","caption":"Figure 19. A gallery of screenshots showing AI Smith\u2019s fleecing functionality.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT19b.png?w=576","id":"91664","title":"FleeceGPT19b","alt":"","caption":"Figure 19. A gallery of screenshots showing AI Smith\u2019s fleecing functionality.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT19d.png?w=577","id":"91663","title":"FleeceGPT19d","alt":"","caption":"Figure 19. A gallery of screenshots showing AI Smith\u2019s fleecing functionality.","itemprop":"image"},{"src":"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/05\/FleeceGPT19e.png?w=578","id":"91662","title":"FleeceGPT19e","alt":"","caption":"Figure 19. A gallery of screenshots showing AI Smith\u2019s fleecing functionality.","itemprop":"image"}]" itemscope itemtype="https://schema.org/ImageGallery"></div> <p> </p> <p>As with some of the other apps we looked at, AI Smith does use a GPT-3 API to generate the content, but truncates content if it is too long.</p> <p>We found many other apps jumping on the ChatGPT band wagon following a similar naming convention in an effort to attract users searching for the right app. But not all used fleeceware tactics. Many are just poorly written or poorly implemented apps that don’t fit the usual fleeceware formula.</p> <h2>Caveat Downloader</h2> <p>While we were investigating several other potential fleeceware apps, they were removed from the Google Play store. Google has since removed the apps we pointed out to them as well; similar apps, however, have been allowed to remain in the store.</p> <p>Fleeceware developers have adapted to these guidelines and follow them to the letter—but not the spirit. They attempt to get customers to pay subscription fees in several ways, but mostly count on users forgetting about the free trial and not noticing the weekly or monthly subscription fees when they kick in, or they simply expect to yield enough from the initial subscription to profit.</p> <p>The platform owners profit heavily from these applications as well, and there’s little incentive for them to remove applications that are not in obvious violation of standards. Because of this, mobile device users need to continue to pay close attention to in-app payments and subscriptions tied to “free trial” software. On Apple devices, those subscriptions appear in the settings menu under your Apple ID; on Android devices, Google Play subscriptions are managed within the Google Play store app under Subscriptions on the pop-out menu.</p> <p>We recommend that Apple ensure that App store reviews include a close look at whether in-app subscriptions under the “freemium” model actually provide value rather than leaving it up to the device user, since these app stores present themselves as trusted platforms while profiting significantly from misleading apps themselves.</p> <p>Additionally, because some of these apps are essentially re-wrapped web apps dependent on a remote platform for content, they pose a long-term risk in that their functionality could be made malicious by the developer without changing any local code. This is a tactic we have seen <a href="https://news.sophos.com/en-us/2023/02/01/fraudulent-cryptorom-trading-apps-sneak-into-apple-and-google-app-stores/">used by sha zhu pan scammers.</a></p> <p>For now, the only real defense is user education. Before tapping the install button, users need to make sure they’re aware of any in-app purchases associated with a free app, and evaluate whether the fees associated with any application are in line with what’s available elsewhere. And when applications use unethical means to profit, users should report them to Apple or Google.</p> <p> </p> <p>How to cancel a subscription</p> <p>If you’ve discovered you have installed a fleeceware app, it’s important to note that just deleting the app will not end the subscription. Some victims of fleeceware install a trial and delete the app after trying it—not realizing that the subscription still remains on their app store account, and that their account will continue to be debited after the trial expires. Here’s how to remove these subscriptions:</p> <p> </p> <p><strong>IPhone</strong></p> <p>As outlined by Apple <a href="https://support.apple.com/en-us/HT202039">here</a> by Apple, follow the instructions below:</p> <p><a href="https://news.sophos.com/wp-content/uploads/2023/05/iPhone-subs-mgmt.png"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-91661" src="https://news.sophos.com/wp-content/uploads/2023/05/iPhone-subs-mgmt.png" alt="" width="640" height="640" srcset="https://news.sophos.com/wp-content/uploads/2023/05/iPhone-subs-mgmt.png 727w, https://news.sophos.com/wp-content/uploads/2023/05/iPhone-subs-mgmt.png?resize=150,150 150w, https://news.sophos.com/wp-content/uploads/2023/05/iPhone-subs-mgmt.png?resize=300,300 300w" sizes="auto, (max-width: 640px) 100vw, 640px" /></a></p> <ol> <li>Open the Settings app.</li> <li>Tap your name.</li> <li>Tap Subscriptions.</li> <li>Tap the subscription.</li> <li>Tap Cancel Subscription. You might need to scroll down to find the Cancel Subscription button. If there is no Cancel button or you see an expiration message in red text, the subscription is already canceled.</li> </ol> <p>If you have other use cases, please follow the Apple <a href="https://support.apple.com/en-us/HT202039">documentation</a>.</p> <p><strong>Android</strong></p> <p>1.On your Android device, go to your <a href="https://play.google.com/store/account/subscriptions">subscriptions in Google Play</a>.</p> <p>2.Select the subscription you want to cancel.</p> <p>3.Tap<strong> Cancel subscription</strong>.</p> <p>4.Follow the instructions.</p> <p>IOCs are available <a href="https://github.com/sophoslabs/IoCs/blob/master/fleeceware-chatbot-apps.csv">on our GitHub repository</a>.</p> </div> <div class="mt-12"> <ul id="social-sharing" class="flex justify-center items-center space-x-6" > <li class="facebook"> <a class="js-share-modal" href="http://www.facebook.com/share.php?u=https://news.sophos.com/?p=91660&title=“FleeceGPT”%20mobile%20apps%20target%20AI-curious%20to%20rake%20in%20cash" data-title="“FleeceGPT” mobile apps target AI-curious to rake in cash" title="Share on Facebook"> <span class="sr-only">Share on Facebook</span> <svg width="8" height="16" xmlns="http://www.w3.org/2000/svg" class="text-sophos-gray-600 hover:text-black" fill="currentColor" > <path d="M7.145 8.006H4.903V16H1.581V8.006H0V5.182h1.581V3.354C1.581 2.045 2.202 0 4.933 0l2.461.01v2.742H5.608c-.291 0-.705.145-.705.77v1.66h2.533l-.291 2.824z" fill-rule="nonzero"/> </svg> </a> </li> <li class="twitter"> <a class="js-share-modal" href="http://twitter.com/intent/tweet?text=%E2%80%9CFleeceGPT%E2%80%9D%20mobile%20apps%20target%20AI-curious%20to%20rake%20in%20cash%20https%3A%2F%2Fnews.sophos.com%2F%3Fp%3D91660" data-title="" title="Share on X"> <span class="sr-only">Share on X</span> <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" class="text-sophos-gray-600 hover:text-black" fill="currentColor" > <path d="M12.163 1.5h2.206L9.55 7.006l5.669 7.494H10.78L7.303 9.956 3.328 14.5h-2.21l5.154-5.89L.838 1.5h4.55l3.14 4.153zm-.776 11.681h1.222L4.722 2.75H3.409z"/> </svg> </a> </li> <li class="linkedin"> <a href="http://www.linkedin.com/shareArticle?mini=true&url=https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/" data-title="“FleeceGPT” mobile apps target AI-curious to rake in cash" title="Share on LinkedIn" onclick="window.open(this.href, '', 'left=20,top=20,width=500,height=500,toolbar=1,resizable=0'); return false;"> <span class="sr-only">Share on LinkedIn</span> <svg width="16" height="16" xmlns="http://www.w3.org/2000/svg" class="text-sophos-gray-600 hover:text-black" fill="currentColor" > <path d="M16 15.293h-3.43v-5.52c0-1.386-.496-2.334-1.738-2.334-.946 0-1.512.64-1.76 1.256-.09.22-.113.526-.113.836v5.762H5.53s.044-9.35 0-10.316h3.43v1.46c.456-.705 1.27-1.703 3.091-1.703 2.256 0 3.95 1.473 3.95 4.643v5.916zM1.917 3.566h-.022C.745 3.566 0 2.773 0 1.783 0 .772.768 0 1.94 0c1.173 0 1.896.772 1.917 1.783 0 .99-.744 1.783-1.94 1.783zM.202 15.293h3.431V4.977H.203v10.316z" fill-rule="nonzero"/> </svg> </a> </li> <li class="comments"> <a href="#comments" title="Leave a Reply" class="flex items-center space-x-1" > <svg width="16" height="16" xmlns="http://www.w3.org/2000/svg" class="text-sophos-gray-600 hover:text-black" fill="currentColor" > <path d="M8.5 0a7.5 7.5 0 11-3.916 13.898C3.317 15.273 1.773 15.36.256 15.135c1.011-1.185 1.678-2.357 2-3.517l-.007.027A7.5 7.5 0 018.5 0z" fill-rule="evenodd"/> </svg> </a> </li> </ul> </div> </div> </article> <div class="container my-8 md:my-16"> <div class="max-w-4xl mx-auto"> <div class="article-author-block article-co-authors-block"> <div class="author-block"> <div class="author-block__profile"> <img alt='' src='https://news.sophos.com/wp-content/themes/sophosnews-2017/img/avatars/avatar-one.png' class='avatar avatar-400 photo' height='400' width='400' /> </div>  <div class="author-block__wrapper"> <div class="author-block__content"> <div class="author-block__about"> About the Author </div> <h3 class="author-block__name"> <a href="https://news.sophos.com/en-us/author/jagadeesh-chandraiah/" title="Posts by Jagadeesh Chandraiah" class="author url fn" rel="author">Jagadeesh Chandraiah</a> </h3> <div class="author-block__bio"> <p>Jagadeesh Chandraiah is a nine-year veteran of SophosLabs, specializing in Windows and mobile malware analysis. Jagadeesh regularly presents his research at international security conferences like DeepSec, AVAR, CARO, and Virus Bulletin. Outside of work, Jagadeesh enjoys playing badminton.</p> </div>  </div> </div> </div>  <div class="author-block"> <div class="author-block__profile"> <img width="400" height="400" src="https://news.sophos.com/wp-content/uploads/2020/02/sean-gallagher.jpg?w=400" class="avatar avatar-400 photo wp-post-image" alt="Sean Gallagher" /> </div>  <div class="author-block__wrapper"> <div class="author-block__content"> <div class="author-block__about"> About the Author </div> <h3 class="author-block__name"> <a href="https://news.sophos.com/en-us/author/sean-gallagher/" title="Posts by Sean Gallagher" class="author url fn" rel="author">Sean Gallagher</a> </h3> <div class="author-block__bio"> <p>Sean Gallagher is Principal Threat Researcher, Sophos X-Ops. Prior to joining Sophos, he was an information security and technology journalist for over 30 years, including 10 as information security and national security editor for Ars Technica.</p> </div>  </div> </div> </div>  </div> </div> </div> <div class="pb-24 bg-white"> <div class="container"> <div class="max-w-5xl mx-auto"> <h3 class="text-style-h2 md:my-8 my-4"> Read Similar Articles </h3> <div class="article-grid article-grid--3-column">  <article id="post-75410" class="hover:shadow-lg dark:bg-sophos-gray-900 border-sophos-gray-200 flex flex-col overflow-hidden text-gray-700 transition-all bg-white border rounded-md shadow-md post-75410 post type-post status-publish format-standard has-post-thumbnail hentry category-security-operations tag-encryption tag-mtr tag-ransomware tag-security tag-sidebar tag-sophos-rapid-response region-en-us">  <a class="aspect-w-16 aspect-h-9 flex block bg-gray-400 bg-right bg-no-repeat bg-cover" href="https://news.sophos.com/en-us/2021/05/24/what-to-expect-when-youve-been-hit-with-avaddon-ransomware/" rel="bookmark" style=" background-image: url('https://news.sophos.com/wp-content/uploads/2021/05/sophos-ransomware-web-banner-1200x628px-option-2.png?w=640'); " ></a>  <div class="flex flex-col justify-between flex-grow">  <div class="sm:px-8 sm:py-8 p-4 py-6">  <div class="text-sophos-blue-600 font-sansMedium mb-2 text-xs leading-tight uppercase truncate" > May 24, 2021 </div>  <h2 class="text-style-h2 line-clamp-3 sm:mb-4 sm:text-2xl sm:leading-snug text-lg leading-tight text-gray-700"><a href="https://news.sophos.com/en-us/2021/05/24/what-to-expect-when-youve-been-hit-with-avaddon-ransomware/" rel="bookmark" class="dark:text-white font-sansSemiBold font-semibold text-gray-900 no-underline cursor-pointer">What to expect when you’ve been hit with Avaddon ransomware</a></h2>  </div> </div> </article>  <article id="post-75301" class="hover:shadow-lg dark:bg-sophos-gray-900 border-sophos-gray-200 flex flex-col overflow-hidden text-gray-700 transition-all bg-white border rounded-md shadow-md post-75301 post type-post status-publish format-standard has-post-thumbnail hentry category-products-services tag-intercept-x tag-sidebar tag-sophos-edr tag-sophos-xdr region-en-us">  <a class="aspect-w-16 aspect-h-9 flex block bg-gray-400 bg-right bg-no-repeat bg-cover" href="https://news.sophos.com/en-us/2021/05/19/whats-new-in-sophos-edr-4-0/" rel="bookmark" style=" background-image: url('https://news.sophos.com/wp-content/uploads/2021/05/sophos-edr-news-blog-image-838x440px@2x.png?w=640'); " ></a>  <div class="flex flex-col justify-between flex-grow">  <div class="sm:px-8 sm:py-8 p-4 py-6">  <div class="text-sophos-blue-600 font-sansMedium mb-2 text-xs leading-tight uppercase truncate" > May 19, 2021 </div>  <h2 class="text-style-h2 line-clamp-3 sm:mb-4 sm:text-2xl sm:leading-snug text-lg leading-tight text-gray-700"><a href="https://news.sophos.com/en-us/2021/05/19/whats-new-in-sophos-edr-4-0/" rel="bookmark" class="dark:text-white font-sansSemiBold font-semibold text-gray-900 no-underline cursor-pointer">What’s New in Sophos EDR 4.0</a></h2>  </div> </div> </article>  <article id="post-75396" class="hover:shadow-lg dark:bg-sophos-gray-900 border-sophos-gray-200 flex flex-col overflow-hidden text-gray-700 transition-all bg-white border rounded-md shadow-md post-75396 post type-post status-publish format-standard has-post-thumbnail hentry category-products-services tag-sidebar tag-sophos-xdr tag-xdr region-en-us">  <a class="aspect-w-16 aspect-h-9 flex block bg-gray-400 bg-right bg-no-repeat bg-cover" href="https://news.sophos.com/en-us/2021/05/19/sophos-xdr-driven-by-data/" rel="bookmark" style=" background-image: url('https://news.sophos.com/wp-content/uploads/2021/05/sophos-xdr.png?w=640'); " ></a>  <div class="flex flex-col justify-between flex-grow">  <div class="sm:px-8 sm:py-8 p-4 py-6">  <div class="text-sophos-blue-600 font-sansMedium mb-2 text-xs leading-tight uppercase truncate" > May 19, 2021 </div>  <h2 class="text-style-h2 line-clamp-3 sm:mb-4 sm:text-2xl sm:leading-snug text-lg leading-tight text-gray-700"><a href="https://news.sophos.com/en-us/2021/05/19/sophos-xdr-driven-by-data/" rel="bookmark" class="dark:text-white font-sansSemiBold font-semibold text-gray-900 no-underline cursor-pointer">Sophos XDR: Driven by data</a></h2>  </div> </div> </article> </div> </div> </div> </div>  </main> </div> </div>  <div class="bg-sophos-gray-50 md:py-16 px-4 pb-4 pt-8"> <div class="container max-w-2xl" x-show="!subscribed"> <div class="text-style-h2-lg"> Subscribe to get the latest updates in your inbox. </div> <div id="mc_embed_shell"> <link href="//cdn-images.mailchimp.com/embedcode/classic-061523.css" rel="stylesheet" type="text/css"> <style type="text/css"> /* Add your own Mailchimp form style overrides in your site stylesheet or in this style block. We recommend moving this block and the preceding CSS link to the HEAD of your HTML file. */ #mc_embed_signup form, #mc_embed_signup #mc-embedded-subscribe-form div.mce_inline_error { margin:0; background: transparent; } #mc_embed_signup input { border-color: rgba(240, 242, 244, var(--tw-border-opacity)); } #mc_embed_signup input#mc-embedded-subscribe { border-radius: 9999px; } #mc-embedded-subscribe { margin-left:0; } #mc_embed_signup .mc-field-group.input-group input { height:1rem; width:1rem; } #mc_embed_signup #mc-embedded-subscribe-form input.mce_inline_error { border-color: rgba( 209, 213, 219, var( --tw-border-opacity ) );} #mc_embed_signup #mce-success-response { display: block; color: #fff; font-weight: normal; padding: .75rem 1rem; margin: 0; } #mc_embed_signup div#mce-responses { padding: 0; width: 100%; margin: .5rem 0; } #mc_embed_signup div.response { width:100%; padding: .75rem 1rem; font-weight: normal; } </style> <div id="mc_embed_signup"> <form action="https://sophos.us2.list-manage.com/subscribe/post?u=2a2849a8c809119f4bd4929cc&id=8d6471d831&f_id=007062e1f0" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank"> <div id="mc_embed_signup_scroll"> <div class="mc-field-group"> <input type="email" name="EMAIL" class="required email" id="mce-EMAIL" required="" value="" placeholder="name@email.com"> <div id="mce-responses" class="clear flex flex-col my-6"> <div class="response font-sansMedium px-4 py-3 mt-2 text-sm font-medium text-white bg-black border rounded-md" id="mce-error-response" style="display: none;"></div> <div class="response font-sansMedium px-4 py-3 mt-2 text-sm font-medium text-white bg-black border rounded-md" id="mce-success-response" style="display: none;"></div> </div> </div> <div class="mc-field-group input-group mb-4 text-lg"> Which categories are you interested in? <ul> <li><input type="checkbox" name="group[3][1]" id="mce-group[3]-3-0" value=""><label for="mce-group[3]-3-0" class="text-style-form-label ml-2">Products and Services</label></li> <li><input type="checkbox" name="group[3][2]" id="mce-group[3]-3-1" value=""><label for="mce-group[3]-3-1" class="text-style-form-label ml-2">Threat Research</label></li> <li><input type="checkbox" name="group[3][4]" id="mce-group[3]-3-2" value=""><label for="mce-group[3]-3-2" class="text-style-form-label ml-2">Security Operations</label></li> <li><input type="checkbox" name="group[3][8]" id="mce-group[3]-3-3" value=""><label for="mce-group[3]-3-3" class="text-style-form-label ml-2">AI Research</label></li> <li><input type="checkbox" name="group[3][16]" id="mce-group[3]-3-4" value=""><label for="mce-group[3]-3-4" class="text-style-form-label ml-2">#SophosLife</label></li> </ul> </div> <div aria-hidden="true" style="position: absolute; left: -5000px;"> <input type="text" name="b_2a2849a8c809119f4bd4929cc_8d6471d831" tabindex="-1" value=""> </div> <div class="clear"> <input type="submit" name="subscribe" id="mc-embedded-subscribe" class="round-button round-button--primary" value="Subscribe"> </div> </div> </form> </div> </div> </div> </div> <footer class="bg-white border-t border-sophos-gray-200 " x-data="{ languageMenu: false, privacyMenu: false, legalMenu: false }" > <div class="container"> <div class="md:flex-row md:items-center flex flex-col justify-between py-8"> <div class="flex items-baseline flex-grow space-x-6">  <div class="relative mr-auto"> <a href="#" class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block text-xs font-medium leading-tight" @click.prevent="languageMenu = !languageMenu" @click.away="languageMenu = false" > Change Region <svg xmlns="http://www.w3.org/2000/svg" width="8" height="4" class="inline-block transition-transform transform" :class="{'rotate-180': languageMenu }" > <path fill="#7F8C9D" fill-rule="evenodd" d="M4 2.178L5.915.262a.708.708 0 01.996 0 .702.702 0 010 .995L4.75 3.415A.7.7 0 014 3.94a.702.702 0 01-.751-.524l-2.16-2.158a.702.702 0 11.996-.995L4 2.178z" /> </svg> </a>  <div class="focus:outline-none border-sophos-gray-200 absolute bottom-0 left-0 w-48 px-4 py-1 py-4 mb-8 -ml-4 origin-bottom-left bg-white border rounded-md shadow-md" role="menu" aria-orientation="vertical" aria-labelledby="user-menu" x-show="languageMenu" x-cloak x-transition:enter="transition-all ease-out duration-100" x-transition:enter-start="transform opacity-0 scale-95" x-transition:enter-end="transform opacity-100 scale-100" x-transition:leave="transition ease-in duration-75" x-transition:leave-start="transform opacity-100 scale-100" x-transition:leave-end="transform opacity-0 scale-95" > <ul class="font-sansMedium text-sophos-gray-600 space-y-1 text-xs font-medium" > <li> <a href="https://news.sophos.com/es-419"> América Latina </a> </li> <li> <a href="https://news.sophos.com/pt-br"> Brasil </a> </li> <li> <a href="https://news.sophos.com/de-de"> Deutschland </a> </li> <li> <a href="https://news.sophos.com/en-us"> English </a> </li> <li> <a href="https://news.sophos.com/fr-fr"> France </a> </li> <li> <a href="https://news.sophos.com/es-es"> Iberia </a> </li> <li> <a href="https://news.sophos.com/it-it"> Italia </a> </li> <li> <a href="https://news.sophos.com/ja-jp"> Japan </a> </li> </ul> </div> </div>  <a href="https://www.sophos.com/en-us/legal/sophos-website.aspx" class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block ml-auto text-xs font-medium leading-tight" >Terms</a >  <span class="relative"> <a href="#" class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block text-xs font-medium leading-tight" @click.prevent="privacyMenu = !privacyMenu" @click.away="privacyMenu = false" > Privacy <svg xmlns="http://www.w3.org/2000/svg" width="8" height="4" class="inline-block transition-transform transform" :class="{'rotate-180': privacyMenu }" > <path fill="#7F8C9D" fill-rule="evenodd" d="M4 2.178L5.915.262a.708.708 0 01.996 0 .702.702 0 010 .995L4.75 3.415A.7.7 0 014 3.94a.702.702 0 01-.751-.524l-2.16-2.158a.702.702 0 11.996-.995L4 2.178z" /> </svg> </a> <div class="focus:outline-none border-sophos-gray-200 absolute bottom-0 left-0 w-48 px-4 py-1 py-4 mb-8 -ml-4 origin-bottom-left bg-white border rounded-md shadow-md" role="menu" aria-orientation="vertical" aria-labelledby="user-menu" x-show="privacyMenu" x-cloak x-transition:enter="transition-all ease-out duration-100" x-transition:enter-start="transform opacity-0 scale-95" x-transition:enter-end="transform opacity-100 scale-100" x-transition:leave="transition ease-in duration-75" x-transition:leave-start="transform opacity-100 scale-100" x-transition:leave-end="transform opacity-0 scale-95" > <ul class="font-sansMedium text-sophos-gray-600 space-y-1 text-xs font-medium" > <li> <a href="https://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx" > Privacy Notice </a> </li> <li> <a href="https://www.sophos.com/en-us/legal/cookie-information.aspx" > Cookies </a> </li> </ul> </div> </span>  <span class="relative"> <a href="#" class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block text-xs font-medium leading-tight" @click.prevent="legalMenu = !legalMenu" @click.away="legalMenu = false" > Legal <svg xmlns="http://www.w3.org/2000/svg" width="8" height="4" class="inline-block transition-transform transform" :class="{'rotate-180': legalMenu }" > <path fill="#7F8C9D" fill-rule="evenodd" d="M4 2.178L5.915.262a.708.708 0 01.996 0 .702.702 0 010 .995L4.75 3.415A.7.7 0 014 3.94a.702.702 0 01-.751-.524l-2.16-2.158a.702.702 0 11.996-.995L4 2.178z" /> </svg> </a> <div class="focus:outline-none border-sophos-gray-200 absolute bottom-0 left-0 w-48 px-4 py-1 py-4 mb-8 -ml-4 origin-bottom-left bg-white border rounded-md shadow-md" role="menu" aria-orientation="vertical" aria-labelledby="user-menu" x-show="legalMenu" x-cloak x-transition:enter="transition-all ease-out duration-100" x-transition:enter-start="transform opacity-0 scale-95" x-transition:enter-end="transform opacity-100 scale-100" x-transition:leave="transition ease-in duration-75" x-transition:leave-start="transform opacity-100 scale-100" x-transition:leave-end="transform opacity-0 scale-95" > <ul class="font-sansMedium text-sophos-gray-600 space-y-1 text-xs font-medium" > <li> <a href="https://www.sophos.com/en-us/legal.aspx" > General </a> </li> <li> <a href="https://www.sophos.com/en-us/legal/modern-slavery-act-transparency-statement.aspx" > Modern Slavery Statement </a> </li> <li> <a href="https://secure.ethicspoint.eu/domain/media/en/gui/104916/index.html" > Speak Out </a> </li> </ul> </div> </span>  <div class="md:ml-6 mt-2 md:mt-0"> <span class="whitespace-nowrap font-sansMedium text-sophos-gray-600 inline-block text-xs font-medium leading-tight" > © 1997 - 2024 Sophos Ltd. All rights reserved </span> </div> </div> </div> </div> </div> </footer> <div id="amp-mobile-version-switcher" hidden> <a rel="" href="https://news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/?amp=1"> Go to mobile version </a> </div> <link rel='stylesheet' id='all-css-0' href='https://news.sophos.com/wp-content/mu-plugins/jetpack-14.0/modules/shortcodes/css/slideshow-shortcode.css?m=1732646391g' type='text/css' media='all' /> <script type="text/javascript" id="sophos-js-core-js-extra"> /* <![CDATA[ */ var PG8Data = {"startPage":"1","maxPages":"1","nextLink":""}; /* ]]> */ </script> <script type="text/javascript" src="https://news.sophos.com/_static/??-eJyVjFEOwiAQBS8ku0Ka1H4Yz0LIpgVlIexqPb6YXqAk72sy83CvJhRWYkXdKJOglLoVYdrFuKudMUlfl8ozkvk4cGA7gANAkgue+gilDdj01eblvH8geGt8jVfB5+rjysNh9U2Z2nC3+uHkz3r0yHc7O7dM9rZM6Qegq6BH" ></script><script type="text/javascript" src="https://unpkg.com/alpinejs@2.8.1/dist/alpine.js?ver=2.0.3" id="alpine-js-js"></script> <script type="text/javascript" src="https://news.sophos.com/wp-content/themes/sophosnews-2017/js/sophos-mc-validate.js?m=1730121999g" ></script><script type="text/javascript" src="https://stats.wp.com/e-202448.js" id="jetpack-stats-js" data-wp-strategy="defer"></script> <script type="text/javascript" id="jetpack-stats-js-after"> /* <![CDATA[ */ _stq = window._stq || []; _stq.push([ "view", JSON.parse("{\"v\":\"ext\",\"blog\":\"166161023\",\"post\":\"91660\",\"tz\":\"-5\",\"srv\":\"news.sophos.com\",\"hp\":\"vip\",\"j\":\"1:14.0\"}") ]); _stq.push([ "clickTrackerInit", "166161023", "91660" ]); /* ]]> */ </script> <script type="text/javascript" id="jetpack-slideshow-js-extra"> /* <![CDATA[ */ var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; var jetpackSlideshowSettings = {"spinner":"https:\/\/news.sophos.com\/wp-content\/mu-plugins\/jetpack-14.0\/modules\/shortcodes\/img\/slideshow-loader.gif","speed":"4000","label_prev":"Previous Slide","label_stop":"Pause Slideshow","label_next":"Next Slide"}; /* ]]> */ </script> <script type="text/javascript" src="https://news.sophos.com/_static/??-eJyNzDEOwjAMheELkZjQqogBcRQETkQTnDjUsarengyIgQnpDb/e8MFaDXJpoTTIairpIxaBFFq94dO40e4hs1cKAjLz0pB9z9T30rBsFjekYHMsNskO/tCusSDcNZL/AYVir5lX8/0/7iWf3XE4TOM0nFx6AzcRQKk=" ></script></body> </html>