Attackers Abuse ChatGPT Share Links to Host Fake Outage Pages That Deliver Malware

Threat actors are exploiting ChatGPT's content-sharing feature to set up fake OpenAI outage pages. These pages instruct users to download malware disguised as the ChatGPT desktop app.

The campaign, called "LLMShare" and uncovered by Push Security, uses Google ads to lead users to a malicious shared ChatGPT page hosted on the legitimate chatgpt.com domain.

Since the lure is delivered through a genuine OpenAI URL, it avoids the usual warning signs of phishing infrastructure controlled by attackers.

How the ChatGPT Fake Outage Attack Works

The campaign depends on the ability to publish custom-rendered HTML through ChatGPT's sharing feature.

1. Attackers purchase Google ads targeting users searching for ChatGPT, and clicking the ad directs to what appears to be a legitimate ChatGPT shared page on a chatgpt.com/s/ link.
2. Instead of a real chat conversation, the page shows a fake outage notice.
3. This notice claims that the web version is unavailable due to high traffic and directs users to download the desktop app.
4. Clicking the download button redirects to openew[.]app, a site that impersonates OpenAI's official desktop download portal.

The fake outage message states: "We're experiencing high traffic right now. Our website is temporarily unavailable due to a large number of users. Download our desktop app to continue."

This custom outage notice is generated from HTML and CSS rendered by a ChatGPT prompt. Push Security observed that the page includes "Show code" and "Remix with ChatGPT" controls, indicating that the outage notice is not a genuine system message but a custom-rendered artifact.

How Cloaking Hides the Malware From Security Scanners

The download site at openew[.]app uses cloaking techniques to show malicious content only to specific targets. When security tools like URLScan visited the site, they saw a harmless website for an AR/VR company instead of the fake download page.

The site offers downloads for both macOS and Windows that install malware. The exact payload remains unclear, but earlier campaigns exploiting AI platform sharing features have distributed infostealer malware.

BleepingComputer's test of the Windows version revealed that it runs commands to check whether the device is a real computer or a virtual machine, a common tactic to avoid automated analysis.

How to Avoid These ChatGPT Fake Outage Malware Attacks

Users looking for ChatGPT or any AI application should follow these 4 safety tips:

1. Avoid clicking on sponsored search ads for software downloads. Instead, go directly to the official website.
2. Be wary of any "outage" page that prompts you to download a desktop application to continue. Legitimate services do not redirect users to downloads during outages.
3. Only download desktop applications from official vendor sites or authorized app stores, not from links found in ads or shared pages.
4. Be cautious of any shared ChatGPT or Claude links that show a download prompt or installation instructions, as they are likely to be suspicious and are usually user-created content rather than official messages.

The Broader Pattern of Abusing AI Sharing Features to Spread Malware

The LLMShare campaign is part of a growing pattern of exploiting AI platform sharing features to spread malware. Push Security also observed attacks misusing Claude Artifacts, a feature from Anthropic that enables sharing rendered applications, to host ClickFix-style lures that trick users into executing malicious commands.

Earlier in 2026, threat actors used Google ads to direct users searching for Claude downloads to shared Claude conversations containing malicious installation instructions. Other campaigns misused shared ChatGPT and Grok conversations to carry out ClickFix attacks, impersonating legitimate software installation guides.

The main problem is that content shared through AI platforms appears to come from a trusted domain, even though it is fully controlled by attackers. Users should treat the rendering feature as untrusted user-generated content rather than as official platform messaging.

Anthropic and OpenAI have not publicly shared specific steps to address the abuse of their sharing features in this campaign. Users should remain cautious of any download prompts encountered through shared AI conversation links.

Thank you for being a Ghacks reader. The post Attackers Abuse ChatGPT Share Links to Host Fake Outage Pages That Deliver Malware appeared first on gHacks.