Threat actors are exploiting ChatGPT's legitimate content-sharing feature to distribute malware by creating fake outage pages hosted on chatgpt.com, which use Google ads for initial redirection and then prompt users to download malicious desktop applications for macOS and Windows. The malicious site employs cloaking techniques to evade detection and has been used to distribute infostealers. Similar abuse of AI platform sharing features, such as Claude Artifacts, has also been observed.
AI/ML Attackers use ChatGPT feature to spread malware June 1, 2026 Share By SC Staff (Credit: Rizq – stock.adobe.com) Threat actors are exploiting ChatGPT's content-sharing feature to distribute malware. Attackers are creating fake OpenAI outage pages that prompt users to download a malicious desktop application disguised as ChatGPT, based on information published by Bleeping Computer. The campaign discovered by Push Security, dubbed "LLMShare," utilizes Google ads to direct users searching for ChatGPT to a malicious shared page hosted on the legitimate chatgpt.com domain. This page displays a fake outage notice claiming the web version is unavailable and recommends downloading the desktop app. The attackers craft custom HTML and CSS using ChatGPT's rendering capabilities, embedding it within a shared ChatGPT link. Clicking the download button leads users to a fraudulent website, openew[.]app, which impersonates OpenAI's download portal. This site employs cloaking techniques to show different content to security researchers. The downloaded applications for macOS and Windows are designed to install malware, with past campaigns distributing infostealers. Similar tactics have been observed abusing other AI platforms' sharing features, such as Claude Artifacts, to distribute malicious commands and lures. Source: Bleeping Computer An In-Depth Guide to AI Get essential knowledge and practical strategies to use AI to better your security program. Learn More SC Staff Related AI/ML How to defend at machine speed: A post-LLM era playbook Picus Security June 1, 2026 AI-era attacks now move at machine speed, forcing defenders to rethink validation and response. AI/ML AI helps Russian-speaking GreyVibe run five parallel attack chains on Ukrainian targets Steve Zurier May 29, 2026 Researchers say Russian-speaking group GreyVibe uses AI tools to scale cyberattacks on Ukraine. AI/ML Cheap AI has changed the economics of hacking Klaas Meinke May 29, 2026 AI has reduced the cost of hacking, but has the cost of mounting a defense dropped at the same rate? Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds