ChatGPT Share Links Abused for Malware Delivery

Threat actors are using ChatGPT's content-sharing feature to spread malware. They create fake OpenAI outage pages that trick users into downloading malicious software. Here's how it works: a Google ad directs users searching for ChatGPT to a malicious shared ChatGPT page. This page, hosted on a legitimate chatgpt.com domain, displays a fake outage notice. It claims the web version is unavailable and tells users to download a desktop application instead. The fake outage message reads, "We're experiencing high traffic right now... Download our desktop app to continue." When users click the download button, they are taken to a website impersonating OpenAI's download portal. This site offers macOS and Windows downloads that install malware. What's interesting is that the fake outage notice itself is rendered through ChatGPT using custom HTML. This allows the attack to originate from a legitimate ChatGPT URL. This tactic, called the "LLMShare" campaign, has been observed by Push Security. This matters because it highlights how legitimate AI platform features can be abused to deliver malware, making it harder for users to identify threats.