CYLYNK · Learning & Development

Hackers abuse ChatGPT's content-sharing feature to spread malware

AI-Powered Phishing Evolves

As artificial intelligence continues to transform the way people work, learn, and communicate, cybercriminals are rapidly adapting their tactics to exploit the trust users place in these platforms. Security researchers have uncovered a sophisticated malware campaign that abuses ChatGPT's content-sharing functionality to distribute malicious software. Rather than relying on fake websites or typosquatting domains, threat actors are leveraging legitimate ChatGPT pages hosted on the official domain to deceive users into downloading malware.

The campaign represents a significant shift in phishing and social engineering tactics, demonstrating how attackers are increasingly exploiting trusted platforms to bypass traditional security awareness measures and gain credibility with potential victims.

Understanding the "Living Off the Land" Approach

In the physical world, “living off the land” means surviving only on the resources that can be harvested from the land. In the technology world, a Living off the Land attack (also known as LOLBins or LOTL) describes a cyberattack in which intruders use legitimate software and functions already available on the system to perform malicious actions on it.

The latest campaign demonstrates this concept perfectly. Rather than creating a fraudulent website that could easily be flagged as suspicious, attackers are abusing ChatGPT's own content-sharing feature to host deceptive content directly on a legitimate ChatGPT URL and routing victims there through paid Google search ads. This approach significantly increases user trust because the malicious content appears to originate from a recognised and reputable platform.

What Is the LLMShare Campaign?

Researchers from Push Security described the campaign, which they dubbed "LLMShare," on May 29, 2026: threat actors buy Google advertisements for "ChatGPT," route clicks to a real chatgpt.com/s/ shared conversation page, and use ChatGPT's own HTML rendering to display a fake OpenAI outage notice that pushes victims to download a "desktop app" from openew[.]app. The installer lands an infostealer on Windows and macOS. While previous versions of this attack relied on fake ChatGPT conversations to convince users to install malware, threat actors are now using fake OpenAI outage pages hosted on ChatGPT's own domain.

Fake sponsored ChatGPT advertisement

Users who click the advertisement are taken to a legitimate ChatGPT shared page, but instead of seeing a chat conversation, they are presented with a rendered outage notice claiming the web version is unavailable and that they should download the desktop application instead. 

Fake Outage Notices Rendered Directly Inside ChatGPT

Once victims land on the shared ChatGPT page, they are shown what appears to be an official OpenAI outage message. The page claims that ChatGPT’s web platform is temporarily unavailable due to unusually high traffic and encourages users to install the desktop application instead.

The fraudulent notification reads:
“We’re experiencing high traffic right now. Our website is temporarily unavailable due to a large number of users. Download our desktop app to continue.” 
Fake outage message

Unlike conventional phishing pages that rely on cloned websites hosted on attacker-owned servers, this campaign takes advantage of ChatGPT’s own rendering capabilities. 

How Attackers Created the Fake Pages

Researchers discovered that the attackers created custom HTML and CSS content through ChatGPT prompts and then published it through a shared chatgpt.com/s/ link, allowing the fake outage notice to be displayed from a legitimate ChatGPT URL. 

The malicious pages even included authentic ChatGPT interface elements such as “Show code” and “Remix with ChatGPT,” along with standard ChatGPT formatting and styling, reinforcing the illusion that the page was part of a normal OpenAI experience. This is a major shift in how phishing infrastructure can operate. Instead of compromising websites or creating lookalike domains, attackers are abusing trusted AI platforms themselves.

If the visitor clicks on the download button, they are brought to a website at openew[.]app that impersonates OpenAI's desktop application download portal.  
Fake ChatGPT download site

Both Windows and macOS payloads have been confirmed. Malwarebytes, which documented a concurrent fake ChatGPT download campaign in late May 2026, identified the macOS payload in similar operations as Odyssey Stealer, a fork of the well-documented Atomic macOS Stealer that targets:

  • Browser-saved passwords
  • Cryptocurrency wallet data
  • Active session cookies
  • Authentication tokens
  • Personal information
  • Business credentials

It also attempts to replace legitimate Ledger and Trezor wallet applications with trojanized versions.

Push Security noted that the exact payload families for the LLMShare executables had not been definitively named as of the disclosure, though infostealer malware consistent with earlier campaigns is suspected. The malicious executables themselves are flagged by multiple security engines on VirusTotal. Once installed, the malware can steal sensitive information and potentially provide attackers with access to online accounts, corporate resources, and financial assets.

Why This Attack Is Significant

The LLMShare campaign highlights a growing trend in cybercrime where threat actors exploit trust rather than technical vulnerabilities. Historically, users were trained to identify suspicious domains, poor website design, and obvious phishing indicators.

This campaign bypasses many of those traditional warning signs because:

  • The URL appears legitimate.
  • The content is hosted on a trusted platform.
  • The interface resembles an authentic ChatGPT experience.
  • Users believe they are interacting with a genuine service.

As AI adoption continues to increase, similar attacks targeting trusted AI platforms are likely to become more common.

What Should ChatGPT Users Do?

For end users:

  1. Bookmark openai.com and chatgpt.com directly. Never reach the products through a Google search or sponsored ad result. 
  2. Treat any "download the desktop app" prompt on a chatgpt.com/s/ URL as malicious. The legitimate ChatGPT desktop application is distributed only through openai.com directly and through the platform app stores.
  3. Watch your inbox. If you ever entered an email address into a malicious LLMShare lure, the operator now has a verified live address paired with intent ("interested in ChatGPT downloads") and will follow up with phishing emails carrying tracking pixels.

How Businesses Can Stay Safe

Strengthen Security Awareness Programmes

Educate employees on:

  • AI-related phishing attacks
  • Malvertising campaigns
  • Social engineering techniques
  • Credential theft risks
  • Safe software installation practices

Deploy Endpoint Detection and Response (EDR)
EDR solutions can help identify:

  • Malware execution
  • Credential theft attempts
  • Suspicious processes
  • Data exfiltration activities

Implement Application Control
Restrict the installation of unauthorised software and browser extensions across corporate environments.

Adopt Zero Trust Principles
Organisations should implement:

  • Least privilege access
  • Identity verification
  • Conditional access controls
  • Network segmentation
  • Continuous monitoring

Monitor Threat Intelligence
Security teams should continuously monitor emerging threats targeting AI platforms and developer ecosystems.
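
One way to turn the click path described earlier (a chatgpt.com/s/ shared page followed by an installer download from a non-OpenAI host) into a proxy-log check. This is an added example, not code from Push Security, OpenAI or CyLynk; the log format, the trusted-host list, the time window and the function names are assumptions to adapt locally.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: hosts accepted as installer sources; extend with your app-store hosts.
TRUSTED_SUFFIXES = ("openai.com", "chatgpt.com")
INSTALLER_EXTS = (".exe", ".msi", ".dmg", ".pkg")
KNOWN_BAD = {"openew.app"}  # download domain named in the article

# Constructed sample proxy log (timestamp, user, URL); IDs and paths are placeholders.
SAMPLE_LOG = """\
2026-06-01T09:00:05 alice https://chatgpt.com/s/EXAMPLE-SHARE-ID
2026-06-01T09:00:40 alice https://openew.app/ChatGPT-Setup.exe
2026-06-01T09:05:00 bob https://chatgpt.com/s/EXAMPLE-SHARE-ID
2026-06-01T09:06:10 bob https://downloads.example.net/ChatGPT.dmg
2026-06-01T10:00:00 carol https://chatgpt.com/s/EXAMPLE-SHARE-ID
2026-06-01T10:01:00 carol https://openai.com/placeholder/ChatGPT.dmg
2026-06-01T11:00:00 dave https://tools.example.org/editor.exe
"""

def host_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def find_share_then_download(log_text, window=timedelta(minutes=10)):
    """Return alerts for installer fetches that follow a chatgpt.com/s/ visit."""
    last_share = {}  # user -> (time, url) of the most recent shared-page visit
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, user, url = parts
        when = datetime.fromisoformat(ts)
        u = urlsplit(url)
        host = (u.hostname or "").lower()
        path = u.path.lower()
        if host == "chatgpt.com" and path.startswith("/s/"):
            last_share[user] = (when, url)
            continue
        if not path.endswith(INSTALLER_EXTS) or host_trusted(host):
            continue  # not an installer, or served from a trusted host
        seen = last_share.get(user)
        if seen and timedelta(0) <= when - seen[0] <= window:
            severity = "high" if host in KNOWN_BAD else "medium"
            alerts.append({"user": user, "share": seen[1],
                           "download": url, "severity": severity})
    return alerts
```

The correlation does not depend on a domain blocklist, so it still fires at medium severity when the download host changes.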

Final Thoughts

The abuse of ChatGPT's content-sharing feature illustrates how cybercriminals continue to evolve their tactics by exploiting trust in well-known platforms. As artificial intelligence becomes increasingly integrated into everyday workflows, users and organisations must remain vigilant, verify downloads carefully, and adopt robust cybersecurity practices.

At CyLynk, we are seeing an increasing number of cyber threats leveraging trusted platforms, artificial intelligence services, and legitimate business applications to distribute malware and steal sensitive information. The LLMShare campaign demonstrates that organisations can no longer rely solely on traditional phishing awareness techniques. Modern cyber threats require a proactive, layered security approach that combines technology, people, and processes.

Whether you are a small business, enterprise organisation, educational institution, or government agency, CyLynk can help identify and remediate security weaknesses before attackers exploit them.

For expert cybersecurity guidance, security assessments, and proactive defence services, visit CyLynk and learn how we can help protect your organisation against today's evolving cyber threats.

Adeleke Damilare
Cybersecurity Analyst
Published 05 June 2026