Overview
A new malvertising campaign is exploiting ChatGPT’s global popularity by promoting a weaponized fake download site through sponsored search results, delivering malware to both Windows and macOS users.
Researchers from Evalian’s SOC team uncovered the operation, which uses convincing OpenAI branding and search engine ads to lure users actively seeking legitimate AI tools. The malicious domain, openew[.]app, mimics an official ChatGPT download portal, offering multiple download options — Windows, macOS, and a Chrome extension.
While the Chrome extension redirects to a legitimate listing to build trust, the Windows and macOS installers deliver trojanized payloads.

Attack Mechanism
The campaign combines brand impersonation, malvertising, and multi‑platform payload delivery.
| Stage | Technique | Impact |
|---|---|---|
| Sponsored Search Ads | Fake ChatGPT download links via Google Ads | High visibility and credibility to lure victims |
| Fake OpenAI Website | Domain openew[.]app mimics official branding | Users tricked into downloading malware |
| Trojanized Installers | Electron‑based apps with obfuscated payloads | Remote access and data exfiltration |
| CAPTCHA Evasion | CAPTCHA gating before execution | Avoids sandbox detection and automated analysis |
Technical Insights
The Windows payload, distributed as Chat_GPT.exe, uses an Inno Setup installer to deploy an Electron‑based application. Despite its legitimate appearance, the binary contains mismatched metadata and a code‑signing certificate issued to an unrelated entity — a tactic to bypass user suspicion.
Inside the app’s app.asar archive, researchers found obfuscated JavaScript (winter.js) using encoded strings and dynamic execution patterns. The malware leverages Node.js modules such as child_process, fs, and systeminformation, enabling:
- System reconnaissance
- File manipulation
- Command execution
Dynamic analysis revealed CAPTCHA‑based gating before payload execution — a technique designed to evade sandbox detection. Once the CAPTCHA is completed, the malware spawns PowerShell processes with flags like -ExecutionPolicy Unrestricted, suggesting staged payload delivery.
The malware creates a Chromium‑style profile in %AppData%\Satoshi to maintain persistence and store cookies and cache files.
macOS Variant
The macOS payload (SHA256: 7E5B708F6659B1FAD3AAE7B589A706434FBF21708AEEC5AF5910189B96E25FEF) remained largely undetected by antivirus engines at discovery, indicating low distribution volume or effective evasion techniques.
Both variants reference legitimate DNS‑over‑HTTPS services (Cloudflare and Google) to blend malicious traffic into normal encrypted DNS flows, helping attackers evade network monitoring.
Mitigation Steps
Defenders should focus on behavioral detection rather than static signatures:
- Monitor newly registered domains impersonating software vendors.
- Analyze process behavior — watch for unexpected Electron apps spawning PowerShell.
- Inspect installer metadata for inconsistencies in signatures and certificates.
- Block malicious ads and educate users on malvertising risks.
- Audit directories like %AppData%\Satoshi for unauthorized profiles.
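A small behavioural rule covering the process-behaviour and profile-directory checks above, written here as an added example rather than code from Evalian's analysis. It runs over constructed Sysmon-style process-creation records (field names ParentImage, Image and CommandLine are assumed; the paths, user names and script name are made up) and flags the parent/child pattern, the permissive execution policy and the %AppData%\Satoshi path that the write-up describes.

```python
from __future__ import annotations
import re

# Constructed Sysmon-style (Event ID 1) process-creation records; all paths,
# usernames and script names are made up for this illustration.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Users\alice\AppData\Local\Programs\ChatGPT\Chat_GPT.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -ExecutionPolicy Unrestricted -NoProfile -File stage2.ps1"},
    {"ParentImage": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c npm run build"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Date"},
]

# Indicators from the write-up: the installer name and the persistence profile path.
KNOWN_BAD_PARENTS = {"chat_gpt.exe"}
SATOSHI_PROFILE = re.compile(r"\\appdata\\roaming\\satoshi(\\|\s|$)", re.IGNORECASE)
# Parent binary living under a user profile, where Electron apps are usually installed.
USER_PROFILE_APP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
# -ExecutionPolicy Unrestricted as seen in the campaign; Bypass is its close cousin.
PERMISSIVE_POLICY = re.compile(r"-ex\w*\s+(unrestricted|bypass)", re.IGNORECASE)
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list[str]:
    """Return the reasons an event is suspicious; an empty list means benign."""
    parent, image = event.get("ParentImage", ""), event.get("Image", "")
    cmd = event.get("CommandLine", "")
    reasons = []
    if basename(parent) in KNOWN_BAD_PARENTS:
        reasons.append("parent is the Chat_GPT.exe installer named in the report")
    if basename(image) in POWERSHELL and USER_PROFILE_APP.search(parent):
        reasons.append("PowerShell spawned by an application installed under AppData")
    if basename(image) in POWERSHELL and PERMISSIVE_POLICY.search(cmd):
        reasons.append("PowerShell launched with a permissive execution policy")
    if SATOSHI_PROFILE.search(cmd) or SATOSHI_PROFILE.search(image):
        reasons.append("reference to the %AppData%\\Satoshi profile directory")
    return reasons


def scan(events: list[dict]) -> list[tuple[str, list[str]]]:
    """Run the rule over a batch of events and keep only the hits."""
    return [(basename(e.get("Image", "")), r) for e in events if (r := classify(e))]


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

Only the first constructed record trips the rule; the VS Code build step and the interactive PowerShell launched from Explorer pass through, which is the false-positive behaviour a behavioural rule needs before it goes into production.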
Expert in the Cloud Insight
This weaponized ChatGPT campaign underscores how malvertising has evolved into a precision delivery mechanism. By exploiting trusted branding, AI popularity, and modern frameworks like Electron, attackers bypass traditional phishing filters and target users with high intent to download.
For enterprises, the takeaway is clear: brand impersonation is the new attack surface. Security teams must combine threat intelligence, ad network monitoring, and user education to counter this growing trend.