Attackers use ChatGPT feature to spread malware

Threat actors are exploiting ChatGPT's content-sharing feature to distribute malware. Attackers are creating fake OpenAI outage pages that prompt users to download a malicious desktop application disguised as ChatGPT, based on information published by Bleeping Computer.

The campaign discovered by Push Security, dubbed "LLMShare," utilizes Google ads to direct users searching for ChatGPT to a malicious shared page hosted on the legitimate chatgpt.com domain. This page displays a fake outage notice claiming the web version is unavailable and recommends downloading the desktop app. The attackers craft custom HTML and CSS using ChatGPT's rendering capabilities, embedding it within a shared ChatGPT link.

Clicking the download button leads users to a fraudulent website, openew[.]app, which impersonates OpenAI's download portal. This site employs cloaking techniques to show different content to security researchers. The downloaded applications for macOS and Windows are designed to install malware, with past campaigns distributing infostealers. Similar tactics have been observed abusing other AI platforms' sharing features, such as Claude Artifacts, to distribute malicious commands and lures.

Source: Bleeping Computer