Abuse of ChatGPT Share Links for Malware Delivery
Threat actors have been found to be abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. This campaign, discovered by Push Security, uses Google ads to direct users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com.
Users who click the advertisement are taken to a legitimate ChatGPT shared page, but instead of seeing a chat conversation, they are presented with a rendered outage notice claiming the web version is unavailable and that they should download the desktop application instead. The fake outage message reads, "We're experiencing high traffic right now. Our website is temporarily unavailable due to a large number of users. Download our desktop app to continue."
Technical Details of the Attack
The attackers created a custom HTML page using ChatGPT's rendering capabilities and published it through a shared chatgpt.com/s/ link, allowing the fake outage notice to be displayed from a legitimate ChatGPT URL. The page includes "Show code" and "Remix with ChatGPT" controls, revealing that the fake outage notice is actually generated from custom HTML and CSS rendered by a ChatGPT prompt.
If the visitor clicks on the download button, they are brought to a website at openew[.]app that impersonates OpenAI's desktop application download portal. The researchers say the site uses cloaking to display content only to targeted victims. When security platforms like URLScan visited the URL, they were shown a harmless AR/VR company website instead.
Malware Distribution and Earlier Campaigns
The website offers both macOS and Windows downloads that install malware on devices. While it is unclear what payloads are ultimately deployed, earlier campaigns abusing AI platform sharing features have distributed infostealers. BleepingComputer's test of the Windows version on Any.Run found that it executes various commands to determine whether the device is a legitimate computer or a virtual machine.
Push Security also observed attacks abusing Claude Artifacts, Anthropic's feature for sharing rendered applications and content, to host ClickFix-style lures that tricked users into executing malicious commands. AI platforms' sharing features have been abused in the past to distribute malware to unsuspecting victims.
Earlier this year, threat actors used Google advertisements to direct users searching for Claude downloads to shared Claude conversations containing malicious installation instructions. Other campaigns abused shared ChatGPT and Grok conversations that conducted ClickFix attacks by impersonating software installation guides that instructed victims to execute commands that installed malware.
Conclusion and Recommendations
The abuse of ChatGPT share links for malware delivery highlights the need for users to be cautious when clicking on links and downloading software from the internet. It is essential to verify the authenticity of websites and downloads to avoid falling victim to such attacks. Additionally, AI platforms should consider implementing stricter security measures to prevent the abuse of their sharing features.
For more information on how to protect yourself from such attacks, you can download the guide on The Validation Gap: Automated Pentesting Answers One Question. You Need Six.
Source: BleepingComputer