Threat actors are abusing ChatGPT’s content sharing features to display fake OpenAI outage pages that trick users into downloading malware disguised as the ChatGPT desktop application.
The “LLMShare” campaign, discovered by Push Security, uses Google Ads to direct users searching for ChatGPT to a malicious shared ChatGPT page hosted at chatgpt.com, allowing the attack to take place through legitimate OpenAI domains.

Users who click on the ad are directed to a legitimate ChatGPT sharing page, but instead of seeing a chat conversation, they see a notice claiming that the web version is not available and that they should download the desktop application instead.
The fake outage message says, “We’re currently experiencing heavy traffic.”
“Due to high user volume, our website is temporarily unavailable. Please download the desktop app to continue.”

Unlike traditional phishing pages, which are hosted on attacker-controlled infrastructure, the fake suspension notices are displayed through ChatGPT itself.
The attacker used ChatGPT’s rendering capabilities to create a custom HTML page and published it through a shared chatgpt.com/s/ link, so the fake suspension notice is displayed from a legitimate ChatGPT URL.
Push Security noted that the page contained “View Code” and “Remix with ChatGPT” controls, revealing that the fake outage notification was actually generated from custom HTML and CSS rendered by a ChatGPT prompt.
When a visitor clicks the download button, they are directed to opennew(.)app, a website masquerading as OpenAI’s desktop application download portal.

Researchers say the site uses cloaking to show its content only to targeted victims. When security platforms like URLScan accessed the URL, they were instead taken to a benign AR/VR company’s website.
The site offers both macOS (VirusTotal) and Windows (VirusTotal) downloads that install malware on the system. Although it is unclear what payload is ultimately deployed, earlier campaigns that abused AI platforms’ sharing features have distributed information stealers.
BleepingComputer tested the Windows version on Any.Run and found that it runs various commands to determine whether a device is a regular computer or a virtual machine.
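The chain described above (a chatgpt.com/s/ share page viewed, then an installer fetched from a site that is not OpenAI's) can be hunted for in web proxy or browser telemetry. The following is an added example, not code from Push Security or the original article; the log layout, first-party domain list, time window, extension list and sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): the log layout,
# the first-party domain list, the time window and the extension list.
SHARE_HOST, SHARE_PATH = "chatgpt.com", "/s/"   # share-link form named in the article
FIRST_PARTY = ("chatgpt.com", "openai.com")
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg")
WINDOW = timedelta(minutes=10)

# Constructed proxy log lines: ISO timestamp, user, full URL.
SAMPLE_LOG = """\
2025-01-01T10:00:00 alice https://chatgpt.com/s/EXAMPLE-SHARE-ID
2025-01-01T10:00:40 alice https://desktop-app.example/
2025-01-01T10:01:05 alice https://desktop-app.example/files/ChatGPT-Setup.exe
2025-01-01T11:00:00 bob https://chatgpt.com/s/EXAMPLE-SHARE-ID
2025-01-01T11:45:00 bob https://vendor.example/tool.dmg
2025-01-01T12:00:00 carol https://tools.example/installer.msi
"""

def is_first_party(host):
    return any(host == d or host.endswith("." + d) for d in FIRST_PARTY)

def find_share_link_downloads(log_text):
    """Return (user, share_url, download_url) for installers fetched from a
    non-first-party host within WINDOW of that user viewing a share page."""
    last_share = {}  # user -> (time, share URL) of the most recent share-page view
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, url = line.split()
        when = datetime.fromisoformat(stamp)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host == SHARE_HOST and parts.path.startswith(SHARE_PATH):
            last_share[user] = (when, url)
            continue
        seen = last_share.get(user)
        if (seen and when - seen[0] <= WINDOW and not is_first_party(host)
                and parts.path.lower().endswith(INSTALLER_EXT)):
            alerts.append((user, seen[1], url))
    return alerts

if __name__ == "__main__":
    for user, share_url, download_url in find_share_link_downloads(SAMPLE_LOG):
        print(f"{user}: {download_url} fetched after viewing {share_url}")
```

The correlation is by user and time rather than by Referer header, because browsers commonly send only the origin on cross-site requests, which would hide the /s/ path.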
Push Security also observed attacks that leveraged Claude Artifacts, Anthropic’s feature for sharing rendered applications and content, to host ClickFix-style lures that trick users into running malicious commands.
The sharing features of AI platforms have been abused in the past to distribute malware to unsuspecting victims.
Earlier this year, attackers used Google ads to direct users searching for Claude downloads to a Claude shared conversation containing malicious installation instructions.
Other campaigns leveraged ChatGPT and Grok’s shared conversations to carry out ClickFix attacks by impersonating software installation guides that instruct victims to run commands that install malware.
