Skip to main content
Emerging ThreatsMalware & Ransomware

Hackers Exploit ChatGPT Features in Malware Phishing Campaigns

Laptop screen shows ChatGPT-like interface with suspicious URL and blurred malware prompt.

“These are essentially InstallFix attacks — a variant of the ClickFix family that Push documented earlier this year,” Push Security warned, describing phishing pages hosted on legitimate ChatGPT domains that redirect visitors to malware-bearing downloads.

How attackers use ChatGPT code-rendering and chatgpt.com/s/ pages

Push Security says threat actors are abusing ChatGPT’s code-rendering feature to build fully designed, self-contained pages that mimic the ChatGPT brand. Those pages are hosted on chatgpt.com/s/ URLs and, according to the vendor, because the first page uses that domain it is trusted by most scanning tools. From that trusted page victims are redirected to a fake download flow designed to deliver a malicious executable.

The initial page commonly claims a service outage caused by high traffic and urges visitors to download the desktop application in order to continue. Clicking the promised “download” ultimately takes users to a phishing site that mimics ChatGPT and, Push Security says, will install malware if visitors press the download button.

InstallFix and the ClickFix family: the attack mechanics described

Push Security characterizes the campaign as “essentially InstallFix attacks — a variant of the ClickFix family” and notes attackers are exploiting a normalization of command-line installation workflows. In one observed variant, a shared chat is presented as an installation guide and contains a curl command that downloads and executes malware.

Push Security also highlighted a deliberate evasion technique: the second phishing page will not render if it detects the presence of security researchers or automated analysis. “Real users in a browser see the fake download page; automated scanners and bots see something benign,” the vendor observed, describing conditional rendering as a “well-established evasion technique in the malvertising ecosystem” that complicates discovery and analysis.

Malvertising, SEO poisoning, and targeted delivery

Victims are initially lured to the malicious pages via search-based mechanisms — specifically malicious Google ads and SEO poisoning. Push Security warned that four out of five ClickFix attacks are now reached via search results rather than email, and that malvertising in these campaigns is often tightly scoped to victim type, geography and other attributes.

Because the campaign routes users through a trusted chatgpt.com/s/ URL before exposing the malicious download flow, conventional scanning and blacklisting approaches can miss the threat until the final stage.

Shared conversations, a Claude variant, and cross-platform experimentation

Push Security reported a closely related variant that uses shared conversations — unique URLs generated for AI chats — to host the lure. In that case, users were presented with a shared chat disguised as a “Claude Code on Mac” installation guide attributed to “Apple Support,” which contained a curl command intended to download and execute malware.

The vendor said it has seen both ChatGPT and Claude users targeted in similar ways and concluded that the appearance of both variants in Push customer environments “suggests a campaign – or at least a shared playbook – that is actively experimenting with different platforms and different social engineering approaches to find what converts best.”

What this means for technologists, affected enterprises, and end users

  • Technologists and security teams: Watch for malicious content hosted on otherwise trusted domains and for conditional rendering that hides malicious pages from automated scanners. The combination of trusted hosting plus evasion increases the need for layered inspection of user-visible content and behavioral analysis of download flows.
  • Affected enterprises and procurement leaders: Pay attention to search-result and ad-driven delivery vectors; Push Security’s data indicates most ClickFix-style infections now begin via search rather than email, and malvertising can be tightly scoped to particular audiences and geographies.
  • End users and the general public: Exercise caution when a site on a familiar domain prompts an urgent desktop download or presents command-line installation instructions (for example, curl commands). Push Security notes the payload is unclear but that infostealer malware is suspected — a risk of data loss if a malicious executable is installed.

Push Security’s findings show attackers have adapted established malvertising and social-engineering playbooks to exploit features of modern AI platforms — trusted hosting, shared chat URLs and code-rendering — while layering conditional rendering to frustrate detection. The precise payload remains unspecified in the vendor’s advisory, though infostealer malware is suspected, leaving defenders to focus on detection of trusted-domain abuse, ad-driven delivery, and the behavioral signs of an InstallFix-style flow.

Original story