Threat actors are leveraging ChatGPT and Claude sharing features to host fake outage pages that trick users into downloading malware disguised as desktop applications. These attacks utilize Google Ads to redirect users to legitimate sharing URLs, which then redirect them to a malicious site (openew[.]app) using cloaking techniques to evade security researchers. The campaign employs 'ClickFix' style lures to execute malicious commands and potentially deliver infostealers on Windows and macOS.
| IOC Type | Value | Description | Relevant MITRE ATT&CK Techniques |
|---|---|---|---|
| Domain |
openew[.]app
|
Domain impersonating OpenAI's desktop application portal used to distribute malware. | T1566.002 |
| Code | Title |
|---|---|
| T1566.002 | Phishing: Spearphishing Link |
| T1566.003 | Phishing: Spearphishing via Service |
| T1036 | Mascquerading |
| T1564 | Hide Artifacts |
| T1027 | Obfuscated Files or Information |
| Type | Value |
|---|---|
| Key | other |
| Value | Users searching for ChatGPT and Claude desktop applications |
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. The "LLMShare" campaign, discovered by Push Security , uses Google ads to direct users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com, allowing the attack to be delivered through a legitimate OpenAI domain. Fake sponsored ChatGPT advertisement Users who click the advertisement are taken to a legitimate ChatGPT shared page, but instead of seeing a chat conversation, they are presented with a rendered outage notice claiming the web version is unavailable and that they should download the desktop application instead. "We're experiencing high traffic right now," reads the fake outage message. "Our website is temporarily unavailable due to a large number of users. Download our desktop app to continue." Fake outage message Unlike traditional phishing pages hosted on attacker-controlled infrastructure, the fake outage notice is rendered through ChatGPT itself. The attackers created a custom HTML page using ChatGPT's rendering capabilities and published it through a shared chatgpt.com/s/ link, allowing the fake outage notice to be displayed from a legitimate ChatGPT URL. Push Security noted that the page includes "Show code" and "Remix with ChatGPT" controls, revealing that the fake outage notice is actually generated from custom HTML and CSS rendered by a ChatGPT prompt. If the visitor clicks on the download button, they are brought to a website at
While it is unclear what payloads are ultimately deployed, earlier campaigns abusing AI platform sharing features have distributed infostealers. BleepingComputer's test of the Windows version on Any.Run found that it executes various commands to determine whether the device is a legitimate computer or a virtual machine. Push Security also observed attacks abusing Claude Artifacts, Anthropic's feature for sharing rendered applications and content, to host ClickFix-style lures that tricked users into executing malicious commands. AI platforms' sharing features have been abused in the past to distribute malware to unsuspecting victims. Earlier this year, threat actors used Google advertisements to direct users searching for Claude downloads to shared Claude conversations containing malicious installation instructions.