ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages
Jun 3, 2026
Cybercriminals are exploiting ChatGPT's content-sharing functionality to host convincing fake OpenAI outage pages on legitimate ChatGPT URLs, tricking users into downloading malware disguised as the ChatGPT desktop application.
The campaign, dubbed LLMShare by researchers at Push Security, leverages Google Ads and ChatGPT's share-link feature to create highly convincing malware delivery chains that abuse trust in OpenAI's infrastructure. Instead of hosting phishing content on attacker-controlled domains, threat actors are using legitimate ChatGPT share pages to display malicious content, making detection significantly more difficult.
Key Details
| Category | Information |
|---|---|
| Threat Name | LLMShare |
| Attack Type | Malware Distribution / Social Engineering |
| Delivery Method | Google Ads + ChatGPT Shared Links |
| Target | ChatGPT Users |
| Malware Disguise | Fake ChatGPT Desktop Application |
| Malicious Domain | openew[.]app |
| Platforms Affected | Windows and macOS |
| Discovery | Push Security |
| Reported | May 2026 |
How the Attack Works
The attack begins when users search for ChatGPT online and click on malicious sponsored advertisements appearing in search results.
Rather than redirecting victims to a suspicious website, the advertisement sends users to a legitimate ChatGPT shared conversation page hosted on the official ChatGPT domain. This significantly increases the likelihood that users will trust the page.
Once opened, the shared page displays what appears to be an official OpenAI service notification claiming that ChatGPT is experiencing high traffic or a temporary outage.
The page instructs visitors to download the desktop version of ChatGPT to continue using the service.
When users click the download button, they are redirected to a fraudulent website impersonating OpenAI's software download portal, where malware is delivered instead of a legitimate application.
Why This Campaign Is Different
Traditional phishing campaigns typically rely on lookalike domains or compromised websites.
The LLMShare campaign is notable because the phishing content is rendered directly through ChatGPT's own sharing infrastructure.
Researchers discovered that attackers used custom HTML and CSS rendered by ChatGPT to create realistic outage notices. Users can even see indicators such as "Show code" and "Remix with ChatGPT," further reinforcing the appearance that the content is legitimate.
Because the content is hosted on a trusted OpenAI domain, users and security controls may be less likely to identify the page as malicious.
Cloaking Techniques Used
Researchers also observed the attackers using cloaking technology to evade security analysis.
The fake download portal only displays malicious content to targeted victims. When automated security scanners and analysis services attempt to access the site, they are shown a harmless website unrelated to OpenAI.
This tactic makes the campaign more difficult to detect and investigate while increasing its operational lifespan.
Potential Impact
Although the final malware payload has not been publicly identified, researchers believe the campaign may distribute information-stealing malware based on similarities with previous attacks abusing AI platform-sharing features.
Potential consequences include:
- Credential theft
- Browser session hijacking
- Theft of cryptocurrency wallets
- Corporate account compromise
- Data exfiltration
- Deployment of additional malware
Organizations should assume that any employee installing software from unverified ChatGPT download pages may expose sensitive business data.
Indicators of Compromise (IOCs)
| Indicator Type | Value |
|---|---|
| Campaign Name | LLMShare |
| Malicious Domain | openew[.]app |
| Attack Vector | Google Ads |
| Abuse Platform | ChatGPT Share Links |
| Social Engineering Theme | Fake OpenAI Outage Notification |
Mitigation Recommendations
Organizations can reduce exposure to this threat by implementing the following controls:
1. Train Employees to Verify Software Sources
Users should only download ChatGPT applications from official OpenAI channels and never from links embedded in shared conversations or advertisements.
2. Monitor for Suspicious ChatGPT Shared Links
Security teams should inspect shared AI platform URLs that contain executable download prompts or service-outage messaging.
3. Block Known Malicious Infrastructure
Add identified indicators, including openew[.]app, to blocklists and threat intelligence feeds.
4. Strengthen Endpoint Protection
Deploy behavioral malware detection capable of identifying infostealers and suspicious application installations.
5. Increase Awareness Around AI-Themed Social Engineering
As AI platforms become more integrated into business workflows, attackers are increasingly exploiting user trust in these services. Security awareness programs should include examples of AI-platform abuse.
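One way to put recommendations 2 and 3 into practice is to correlate web proxy logs for the chain described above: a ChatGPT share page, then a hop to a non-OpenAI host, then an installer download. The sketch below is an added example, not code from Push Security or this article. Assumptions: the `(epoch_seconds, user, url, referrer)` log shape, the `/share/` path on the share-link hosts, the vendor allowlist, the 10-minute window, and the placeholder hosts `dl.example.net` and `example.org`.

```python
from urllib.parse import urlparse

SHARE_HOSTS = {"chatgpt.com", "chat.openai.com"}  # assumption: share-link hosts
OFFICIAL = {"chatgpt.com", "openai.com"}          # assumption: vendor allowlist
BLOCKLIST = {"openew[.]app".replace("[.]", ".")}  # IOC from the article, refanged
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg")
WINDOW = 600  # seconds between leaving the share page and the download

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def is_share_page(url):
    p = urlparse(url)
    return (p.hostname or "").lower() in SHARE_HOSTS and p.path.startswith("/share/")

def detect(events):
    """Return (user, url, reason) alerts for share page -> off-platform download."""
    alerts, reached = [], {}  # reached[(user, host)] = time host was entered from a share page
    for ts, user, url, referrer in sorted(events):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if in_domains(host, BLOCKLIST):
            alerts.append((user, url, "blocklisted domain"))
        if not host or in_domains(host, OFFICIAL):
            continue  # staying on the vendor's own domains is expected
        if is_share_page(referrer):
            reached[(user, host)] = ts
        entered = reached.get((user, host))
        if (entered is not None and ts - entered <= WINDOW
                and parsed.path.lower().endswith(INSTALLER_EXT)):
            alerts.append((user, url, "installer from host reached via share link"))
    return alerts

# Constructed proxy-log sample: (epoch_seconds, user, url, referrer)
SHARE = "https://chatgpt.com/share/00000000-0000-0000-0000-000000000000"
SAMPLE_LOG = [
    (100, "alice", SHARE, "https://www.google.com/"),
    (130, "alice", "https://openew.app/", SHARE),
    (200, "bob", "https://dl.example.net/", SHARE),
    (240, "bob", "https://dl.example.net/ChatGPT.dmg", "https://dl.example.net/"),
    (300, "carol", "https://example.org/tool.dmg", "https://example.org/"),
    (400, "dave", "https://openai.com/", SHARE),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Referrer headers can be trimmed or dropped by browser and site policy, so the referrer-based rule is one signal to combine with the blocklist match and endpoint telemetry, not a complete control.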
ClearPhish Takeaway
The LLMShare campaign highlights a growing cybersecurity challenge: attackers no longer need to compromise trusted domains when they can abuse legitimate platform features instead.
By leveraging ChatGPT's content-sharing functionality and trusted OpenAI infrastructure, threat actors have created a highly convincing malware delivery mechanism capable of bypassing traditional trust-based security assumptions.
Organizations should prepare for more attacks that weaponize legitimate AI platforms and focus security awareness efforts on verifying actions—not just URLs. As AI services continue to gain widespread adoption, trust itself is becoming part of the attack surface.






