Overview Researchers at Push Security have uncovered a new campaign dubbed LLMShare, where threat actors exploit ChatGPT’s content‑sharing feature to host fake outage pages that trick users into downloading malware disguised as the ChatGPT desktop application.
By abusing legitimate chatgpt.com/s/ shared links, attackers deliver phishing payloads directly through OpenAI’s trusted domain — bypassing traditional web filters and user skepticism.
How the Attack Works
The LLMShare campaign begins with malicious Google Ads targeting users searching for ChatGPT.
- Fake Sponsored Ads redirect victims to a shared ChatGPT page hosted on chatgpt.com.
- Instead of a normal chat, users see a fake outage notice claiming high traffic and urging them to “download our desktop app.”
- The page is rendered entirely within ChatGPT’s interface, using custom HTML and CSS injected via a prompt — making it appear legitimate.
- Clicking the download button leads to openew[.]app, a cloned site impersonating OpenAI’s official download portal.
Push Security confirmed that the malicious site uses cloaking to evade detection — showing harmless AR/VR content to security scanners while serving malware to real victims.
Technical Breakdown
The fake outage page includes “Show code” and “Remix with ChatGPT” controls, revealing that the content is generated from custom HTML rendered by ChatGPT itself.
Once victims click “Download,” they receive macOS or Windows installers that deploy malware.
- Windows variant executes system checks to detect virtual machines.
- macOS variant likely delivers infostealers similar to prior AI‑abuse campaigns.
Earlier attacks have used shared Claude Artifacts and Grok conversations to host ClickFix‑style lures, proving that AI platform sharing features are becoming a favored delivery vector for malware.
Why It’s Dangerous
Unlike traditional phishing hosted on attacker domains, LLMShare leverages OpenAI’s legitimate infrastructure.
- The trusted URL (
chatgpt.com/s/...) bypasses browser warnings and corporate filters. - The rendered content inherits ChatGPT’s visual style, making fake alerts indistinguishable from genuine system messages.
- The same‑origin policy offers no protection because the AI assistant executes within the user’s authenticated context.
This combination of trust transfer and rendered deception makes AI‑integrated browsers a new frontier for phishing and malware delivery.
Mitigation Strategies
Security teams should immediately:
- Block AI‑shared links in ads until verified as safe.
- Restrict browser permissions for AI summarization and rendering features.
- Treat all AI‑rendered alerts as unverified until origin attribution is visible.
- Monitor outbound traffic for unexpected image or file fetches.
- Educate users about fake outage messages and AI‑hosted malware.
Expert in the Cloud Insight
The LLMShare campaign highlights a growing trust‑surface vulnerability in AI platforms. As assistants gain browser integration and sharing capabilities, attackers exploit that trust to deliver malware from within legitimate domains.
Defenders must evolve beyond traditional phishing detection — focusing on content provenance, rendering integrity, and AI‑specific threat monitoring.
The future of cybersecurity depends on securing not just the model, but the interface that renders its output.
Leave a Reply