Malware Delivered via ChatGPT Links in New Cyber Attack Campaign

Malware Delivered via ChatGPT Links in New Cyber Attack Campaign

First seen 29 May 2026, 19:39 UTC Theregisterpermiso.ioPhiliphallCybersecuritynewsBleepingcomputer+14 84% similarity 64.5

Article Content

Browse articles
ThreatCluster

Threat actors are exploiting ChatGPT's content-sharing feature to deliver malware through a campaign dubbed 'LLMShare.' This attack involves creating fake outage pages on the legitimate chatgpt.com domain, tricking users into downloading malicious software disguised as the ChatGPT desktop application. Google ads are used to lure victims searching for ChatGPT, leading them to these fraudulent pages. Once on the site, users see a fake message about high traffic and are prompted to download the malware. The malicious downloads target both Windows and macOS systems, with the Windows version executing commands to check for security software. The attackers utilize cloaking techniques to hide the true nature of the site from automated security tools. The campaign highlights a significant risk associated with the misuse of AI platform features for malicious purposes.

Key Points: • Threat actors exploit ChatGPT's sharing feature to host fake outage pages. • Malware is delivered through Google ads targeting ChatGPT-related searches. • The campaign uses cloaking techniques to evade detection by security tools.

ThreatCluster AI

Timeline

2026-05-29
LLMShare campaign identified
Push Security discovered a campaign using ChatGPT's features to deliver malware via fake outage pages.
BleepingComputer
2026-05-29
Google ads used for malicious redirection
Attackers employed Google ads to direct users searching for ChatGPT to malicious links on chatgpt.com.
Neowin
2026-05-29
Malware targets Windows and macOS
The downloaded malware includes infostealers and is designed to evade detection by checking for security software.
Philiphall

Community

Browse all →