ChatGPT Share Links: Malware Delivered from OpenAI Domain

Threat actors are using ChatGPT's content-sharing feature to deliver malware. They are creating fake service disruption pages directly on chatgpt.com. This campaign, named LLMShare, was disclosed by Push Security. It was still generating active detections as of May 29, 2026. What's interesting is that the attack lands on OpenAI's own domain. This allows it to bypass typical web filters and firewalls. The attackers exploit a design feature in ChatGPT's sharing system. They use its ability to render HTML and CSS code to build a fake outage notice. This notice includes OpenAI branding and a download button. Users are directed to download a desktop app, which actually contains malware. Attackers route victims to these pages using paid Google search ads. These ads target searches for "ChatGPT" or "ChatGPT desktop app." When users click, they land on a legitimate chatgpt.com address. This makes the attack seem more believable. This means you need to be extra cautious when encountering download prompts, even on seemingly trusted sites.