Threat actors are abusing ChatGPT’s content-sharing feature and Google ads to promote fake OpenAI outage pages that push users toward malware disguised as the ChatGPT desktop app. The LLMShare campaign uses a legitimate chatgpt.com shared page and then redirects victims to a cloaked download site at openew[.]app that delivers malicious installers. #ChatGPT #LLMShare #openewapp #OpenAI
Keypoints
- LLMShare abuses ChatGPT’s shared content feature to host a fake outage notice.
- Google ads lure users searching for ChatGPT to the malicious shared page.
- The fake message is rendered through a legitimate chatgpt.com URL.
- Clicking the download button sends victims to openew[.]app, a cloaked fake download site.
- The site offers Windows and macOS installers that may deploy malware.