Cybercriminals Use Fake Sites to Plant Malware in ChatGPT

Cybercriminals are planting malicious links in ChatGPT responses by using fake websites. They are exploiting ChatGPT's content sharing function to display fraudulent pages. The goal is to trick users into downloading infected programs disguised as official applications. This operation, called LLMShare, uses legitimate domains associated with OpenAI. Attackers promote sponsored ads targeting users looking for ChatGPT. When clicked, these links lead to a real ChatGPT URL generated through the platform's sharing features, increasing the attack's credibility. Once on the shared page, users see a fake service interruption notice. This message recommends downloading a desktop application to continue using ChatGPT. This notice is not from OpenAI but is a custom page rendered using ChatGPT's presentation capabilities. Clicking the download button redirects victims to a portal mimicking OpenAI's official download site. There, supposed versions of ChatGPT for Windows and macOS actually contain malicious software. The attackers also use advanced concealment techniques, like cloaking, to avoid detection by security tools. This makes it harder for researchers to identify the threat.