ChatGPT share links abused to host fake outage pages to deliver malware

Recorded: May 29, 2026, 7 p.m.

Original

News

Featured
Latest

California AG sues 23andMe over 2023 breach exposing health data

US charges Google security engineer with Polymarket insider trading

Charter Communications data breach affects 4.9 million accounts

GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

ChatGPT share links abused to host fake outage pages to deliver malware

California AG sues 23andMe over 2023 breach exposing health data

From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market

Dutch govt disrupts malware botnet with 17 million infected devices

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityChatGPT share links abused to host fake outage pages to deliver malware

ChatGPT share links abused to host fake outage pages to deliver malware

By Lawrence Abrams

May 29, 2026
02:21 PM
0

Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application.
The "LLMShare" campaign, discovered by Push Security, uses Google ads to direct users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com, allowing the attack to be delivered through a legitimate OpenAI domain.

Fake sponsored ChatGPT advertisement
Users who click the advertisement are taken to a legitimate ChatGPT shared page, but instead of seeing a chat conversation, they are presented with a rendered outage notice claiming the web version is unavailable and that they should download the desktop application instead.
"We're experiencing high traffic right now," reads the fake outage message.
"Our website is temporarily unavailable due to a large number of users. Download our desktop app to continue."

Fake outage message
Unlike traditional phishing pages hosted on attacker-controlled infrastructure, the fake outage notice is rendered through ChatGPT itself.
The attackers created a custom HTML page using ChatGPT's rendering capabilities and published it through a shared chatgpt.com/s/ link, allowing the fake outage notice to be displayed from a legitimate ChatGPT URL.
Push Security noted that the page includes "Show code" and "Remix with ChatGPT" controls, revealing that the fake outage notice is actually generated from custom HTML and CSS rendered by a ChatGPT prompt.
If the visitor clicks on the download button, they are brought to a website at openew[.]app that impersonates OpenAI's desktop application download portal.

Fake ChatGPT download site
The researchers say the site uses cloaking to display content only to targeted victims. When security platforms like URLScan visited the URL, they were shown a harmless AR/VR company website instead.
The website offers both macOS [VirusTotal] and Windows [VirusTotal] downloads that install malware on devices. While it is unclear what payloads are ultimately deployed, earlier campaigns abusing AI platform sharing features have distributed infostealers.
BleepingComputer's test of the Windows version on Any.Run found that it executes various commands to determine whether the device is a legitimate computer or a virtual machine.
Push Security also observed attacks abusing Claude Artifacts, Anthropic's feature for sharing rendered applications and content, to host ClickFix-style lures that tricked users into executing malicious commands.
AI platforms' sharing features have been abused in the past to distribute malware to unsuspecting victims.
Earlier this year, threat actors used Google advertisements to direct users searching for Claude downloads to shared Claude conversations containing malicious installation instructions.
Other campaigns abused shared ChatGPT and Grok conversations that conducted ClickFix attacks by impersonating software installation guides that instructed victims to execute commands that installed malware.

The Validation Gap: Automated Pentesting Answers One Question. You Need Six.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.This guide covers the 6 surfaces you actually need to validate.
Download Now

Related Articles:
Ukraine identifies infostealer operator tied to 28,000 stolen accountsPaid AI Accounts Are Now a Hot Underground Commodity Hackers abuse Google ads, Claude.ai chats to push Mac malwareAustralia warns of ClickFix attacks pushing Vidar Stealer malwareFake Claude AI website delivers new 'Beagle' Windows malware

ChatGPT
Claude
Google Ads
Infostealer
Malware
Outage

Lawrence Abrams
Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.

Popular Stories

Charter confirms data breach after ShinyHunters extortion threat

Microsoft Defender can now automatically isolate hacked endpoints

Windows 11 KB5089573 update released with performance improvements

Sponsor Posts

AI is a data-breach time bomb: Read the new report

#1 MSP Benchmark report 2026: Insights from 1,000+ MSPs on growth, security, artificial intelligence, and key 2026 trends.

33% Rise in Healthcare Credential Theft in 2025: What you need to know

Overdue a password health-check? Audit your Active Directory for free

Upcoming Webinar

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Threat actors are leveraging the content-sharing features of large language models such as ChatGPT to deploy malware through sophisticated social engineering techniques. This tactic involves creating fake outage pages that exploit users' trust in legitimate services to facilitate the distribution of malicious software. Specifically, the "LLMShare" campaign, identified by Push Security, utilized Google advertisements to direct users searching for ChatGPT to a malicious shared page hosted on chatgpt.com. Upon arrival, users are presented not with a conversation but with a fabricated outage notice claiming the web version is unavailable and instructing them to download the desktop application instead.

The novelty of this attack lies in how the fake notice is generated. Unlike traditional phishing, these attackers engineered the outage message using ChatGPT's rendering capabilities, creating custom HTML and CSS that mimic an official notice. This was achieved by publishing the content through a shared chatgpt.com/s/ link, which included controls like "Show code" and "Remix with ChatGPT," confirming that the fake notice was rendered directly from a prompt-generated response. Clicking a download button on this page redirected visitors to a deceptive site, openew[.]app, which impersonated the official OpenAI desktop application download portal. Security platforms attempting to analyze this site, such as URLScan, were successfully cloaked, displaying benign content instead of the malicious payload. This download site offered installers for both macOS and Windows, which were designed to deploy malware onto the user's device. Testing of the Windows version demonstrated that it executes commands to determine the host environment, checking whether the system was a legitimate computer or a virtual machine.

The abuse extends beyond ChatGPT, as threat actors have also exploited similar mechanisms across other AI platforms. Researchers observed attacks leveraging Claude Artifacts, Anthropic’s feature for sharing rendered applications and content, to create lures similar to ClickFix, tricking users into executing malicious commands. Historically, these AI platform sharing features have been exploited to distribute malware. Earlier campaigns involved threat actors using Google advertisements to direct users searching for Claude downloads to shared conversations containing malicious installation instructions. Furthermore, other campaigns have abused shared conversations on platforms like ChatGPT and Grok to impersonate software installation guides, instructing victims to execute commands that result in malware installation. Lawrence Abrams, owner and Editor in Chief of BleepingComputer.com, notes the broader context of these activities, highlighting the vulnerability presented by these AI platform sharing mechanisms.