Skip to main content
Emerging ThreatsMalware & Ransomware

Threat Actors Exploit ChatGPT Sharing Feature to Deliver Malware

Person sitting at laptop with browser window open showing fake ChatGPT outage message.

"We're experiencing high traffic right now," reads the fake outage message displayed on the shared ChatGPT page used in the LLMShare campaign, Push Security found.

LLMShare campaign: ads, shared links, and a legitimate URL

Researchers at Push Security identified a campaign dubbed "LLMShare" in which threat actors used Google advertisements to steer people searching for ChatGPT toward a malicious shared ChatGPT page hosted on chatgpt.com. The attack leveraged a legitimate OpenAI domain to present a convincing lure: instead of a normal chat transcript, visitors saw a rendered outage notice directing them to download a desktop application.

Custom HTML rendered through ChatGPT's sharing feature

Unlike conventional phishing pages hosted on attacker-controlled infrastructure, the fake outage notice was generated and displayed from within ChatGPT itself. Push Security reported that attackers created a custom HTML page using ChatGPT's rendering capabilities and published it via a shared chatgpt.com/s/ link. The shared page included "Show code" and "Remix with ChatGPT" controls, which revealed that the outage notice was produced from custom HTML and CSS rendered by a ChatGPT prompt.

openew[.]app: an impersonation and cloaking behavior

If a visitor clicked the download button on the fake outage page, they were taken to a site at openew[.]app that impersonated OpenAI's desktop application download portal. Push Security said the site used cloaking to show different content to targeted victims: when security platforms like URLScan visited the URL, they were shown a harmless AR/VR company website instead of the impersonation. The openew[.]app portal offered both macOS and Windows downloads that, according to VirusTotal references cited by the researchers, install malware on devices.

Observed malware behavior and links to earlier sharing-feature abuses

BleepingComputer tested the Windows download on Any.Run and observed the installer executing a series of commands designed to determine whether the host was a legitimate computer or a virtual machine. While Push Security reported it is unclear what final payloads are ultimately deployed in this campaign, the researchers noted that earlier campaigns abusing AI platform sharing features have distributed infostealers. Push Security also observed attacks abusing Anthropic's Claude Artifacts feature to host ClickFix-style lures that tricked users into executing malicious commands.

The report places LLMShare in a larger pattern: earlier this year, threat actors used Google advertisements to direct searches for Claude downloads to shared Claude conversations containing malicious installation instructions. Other past campaigns abused shared ChatGPT and Grok conversations to present ClickFix-style guides impersonating software installers, instructing victims to run commands that installed malware.

What this means for technologists, security platforms, and end users

  • Technologists and security teams: the campaign demonstrates that content rendered from legitimate platform domains can host malicious HTML and CSS. Teams will need to account for the possibility that shared application pages on major AI platforms can be used to present executable lures and to link to external download sites that employ cloaking.
  • Security platforms and researchers: cloaking behavior — where URLScan and similar tools are shown benign content while targeted victims see malicious pages — complicates detection. The use of platform-rendered shared pages with visible "Show code" and "Remix with ChatGPT" controls indicates a new vector for analysis and triage that these tools must handle.
  • End users and general public: users following search ads can be taken to legitimate chatgpt.com URLs that nonetheless display fraudulent outage notices urging them to download a desktop app. The downloads offered at openew[.]app have been observed by VirusTotal and dynamic analysis on Any.Run to be malicious installers.

LLMShare underscores a shift: attackers are not only spoofing brands on third-party sites but are embedding malicious content inside the very platforms users trust. The central unanswered fact remains what final payloads are being dropped in this campaign, even as observed installers and historical parallels point to infostealer-style and ClickFix outcomes. Security teams and users alike will need to watch for more campaigns that chain search advertising, platform sharing features, cloaking, and external impersonation sites.

Original reporting: BleepingComputer — ChatGPT share links abused to host fake outage pages to deliver malware