Hackers are now using ChatGPT share links to deliver malware


Hackers are now using ChatGPT share links to deliver malware - Neowin


Researchers at Push Security have identified a new campaign, tagged "LLMShare," in which threat actors deliver infostealer malware through legitimate domains.

Basically, "LLMShare" works by abusing the share features of popular LLM chatbots like ChatGPT. The attackers render a custom HTML layout directly on the legitimate domain that displays a fake system maintenance message, such as "we're experiencing high traffic right now," to simulate a crash and push you to download their desktop app.

Image via Push Security

The threat actors use sponsored Google search ads targeting search terms like "ChatGPT," "ChatGPT desktop app," or "ChatGPT download" to drive victims toward this trap. When a user clicks one of these malicious search ads, they go to a legitimate URL that looks exactly like a normal chatgpt.com/s/[unique-id] share link. Because the domain belongs to OpenAI, web filter rules and firewall blocks do not trigger.

When you click the download button on this fake page, the site takes you to an external domain named openew[.]app, which impersonates the OpenAI desktop application, from where payloads targeting both Windows and macOS users are distributed.

Image via Push Security
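One way to hunt for the chain described above in web-proxy logs, as an added example that is not from the article or from Push Security: because the share link sits on a legitimate domain, the code correlates a chatgpt.com/s/ view with an installer download from a non-OpenAI host shortly afterwards. The log format (a TLS-inspecting proxy that records full URLs), the installer extensions, the allowlist and the ten-minute window are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit
import re

SHARE_PATH = re.compile(r"^/s/[^/]+$")            # chatgpt.com/s/[unique-id], as in the article
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg")  # assumed Windows and macOS installer types
VENDOR_DOMAINS = ("chatgpt.com", "openai.com")    # assumed allowlist; extend for your environment
WINDOW = timedelta(minutes=10)                    # assumed correlation window

# Constructed sample records (timestamp, user, url); .example hosts are placeholders.
SAMPLE_LOG = [
    ("2025-01-01T09:00:00", "alice", "https://chatgpt.com/s/abc123"),
    ("2025-01-01T09:01:10", "alice", "https://downloads.example/ChatGPT-Setup.exe"),
    ("2025-01-01T09:02:00", "bob", "https://chatgpt.com/s/def456"),
    ("2025-01-01T09:03:00", "bob", "https://openai.com/index.html"),
    ("2025-01-01T11:00:00", "carol", "https://tools.example/editor.dmg"),
    ("2025-01-01T09:00:00", "dave", "https://chatgpt.com/s/ghi789"),
    ("2025-01-01T09:30:00", "dave", "https://downloads.example/app.pkg"),
]

def is_vendor(host):
    """True for an allowlisted domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)

def find_share_then_download(records):
    """Return (user, share_url, download_url) for installer downloads from
    non-vendor hosts that follow a share-link view within WINDOW."""
    last_share = {}  # user -> (time of last share-link view, share url)
    hits = []
    for ts, user, url in sorted(records):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host == "chatgpt.com" and SHARE_PATH.match(parts.path):
            last_share[user] = (when, url)
        elif parts.path.lower().endswith(INSTALLER_EXT) and not is_vendor(host):
            seen = last_share.get(user)
            if seen and when - seen[0] <= WINDOW:
                hits.append((user, seen[1], url))
    return hits

if __name__ == "__main__":
    for hit in find_share_then_download(SAMPLE_LOG):
        print("ALERT", *hit)
```

The correlation is by time and user rather than by the Referer header, since browsers by default send only the origin on cross-origin navigation and the share-link path would not appear there.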

The landing site can detect automated testing sandboxes and hides its true nature from them by serving a harmless mock-up web design. When BleepingComputer tested the Windows version on Any.Run, the executable ran various commands to check whether the victim was running a physical desktop or a virtual machine sandbox, looking for registry keys associated with security software. On macOS, the same trap drops Odyssey Stealer to steal sensitive data.

Every day, hackers are finding new and creative ways to exploit LLMs and the chatbots that developers built on top of them to distribute malicious software. Recently, a threat actor named GreyVibe targeted Ukrainian infrastructure. Thanks to AI, the group is able to punch above its weight, fill technical gaps, write code obfuscation scripts, and generate highly realistic social engineering lures.

GreyVibe relied on attack methods like PhantomMail to send polished phishing emails mimicking Ukrainian government agencies, PhantomClick to deploy fake CAPTCHA prompts that run malicious PowerShell commands, and PrincessClub to host fake adult portals containing Android spyware.
