31.05.2026
3 min
98
Threat actors are abusing ChatGPT’s content-sharing feature to display fake OpenAI outage pages that trick users into downloading malware disguised as the ChatGPT desktop application.
The “LLMShare” campaign, discovered by Push Security, uses Google ads to redirect users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com, allowing the attack to be delivered through a legitimate OpenAI domain.
Users who click on the ads are taken to a legitimate shared ChatGPT page. However, instead of seeing a conversation, they are presented with a fake outage notice claiming that the web version is unavailable and instructing them to download the desktop application instead.
“We are currently experiencing high traffic,” the fake outage message states.
“Our website is temporarily unavailable due to a large number of users. Please download our desktop app to continue.”
Unlike traditional phishing pages hosted on attacker-controlled infrastructure, the fake outage notice is served directly through ChatGPT itself.
The threat actors created a custom HTML page using ChatGPT’s rendering capabilities and published it through a shared chatgpt.com/s/ link, allowing the fake outage message to be displayed from a legitimate ChatGPT URL.
Push Security noted that the page included “View Code” and “Remix with ChatGPT” controls, indicating that the fake outage notice was actually generated from user-created HTML and CSS rendered through a ChatGPT prompt.
If a visitor clicks the download button, they are redirected to openew[.]app, a website designed to mimic OpenAI’s official desktop application download portal.
Researchers say the site uses cloaking techniques to ensure that malicious content is shown only to targeted victims. When security analysis platforms such as URLScan visited the URL, they were served a benign AR/VR company website instead of the malicious content.
The site offers downloads for both macOS and Windows that install malware on victims’ devices. Although the final payloads remain unclear, previous campaigns that abused content-sharing features on AI platforms were known to distribute information-stealing malware.
Analysis of the Windows sample in Any.Run showed that it executes a series of commands to determine whether it is running on a real user system or inside a virtual machine, a tactic commonly used to evade detection and analysis.
Push Security also identified attacks leveraging Claude Artifacts, Anthropic’s content-sharing feature for interactive applications and rendered content. In those cases, threat actors hosted ClickFix-style lures designed to trick users into manually executing malicious commands.
Researchers note that sharing features offered by AI platforms have repeatedly been abused by cybercriminals as a distribution channel for malware targeting unsuspecting users.
