Hackers use real ChatGPT links to serve malware via fake "over capacity" pages
Just when you thought OpenAI had security figured out, hackers found a way to turn ChatGPT’s own sharing feature into a weapon. They are hosting perfectly rendered fake outage pages directly on the official domain to slip malware onto your device.
Security researchers at Push Security discovered a campaign dubbed LLMShare that exploits the trust users place in official domains. Cybercriminals are buying Google ads to target people searching for ChatGPT, redirecting them to a genuine chatgpt.com shared link. Instead of a normal chat history, the page renders a custom HTML and CSS message claiming the service is over capacity due to high load.
This ingenious digital illusion tells users that the web version is down and politely invites them to download the desktop application to continue. Because the URL in the browser bar actually says chatgpt.com, even the most paranoid techies are happily falling into the trap. It turns out that OpenAI’s wonderful feature for sharing chatbot prompts also doubles as a free hosting service for cybercriminals' design projects.
Once a victim clicks the download button, they are redirected to a malicious website masquerading as an OpenAI download portal. This site uses clever cloaking techniques to hide its true face from security scanners, displaying a boring, harmless virtual reality company website to any automated bots. For human victims, however, it generates customized Windows and macOS malware payloads designed to harvest personal data.
The trick is so effective that similar campaigns are popping up elsewhere. Attackers have already been caught abusing Claude Artifacts, a feature by Anthropic designed for sharing rendered apps, to deploy similar trickery. Other campaigns have exploited shared conversations on both ChatGPT and Grok to guide users through installing malicious software under the guise of helpful troubleshooting guides.
Tech giants spent billions building conversational artificial intelligence, only to realize they accidentally built the ultimate phishing delivery network. It is almost poetic that the very tools meant to automate humanity's future are now seamlessly automating the installation of spyware on people's laptops.
Source: BleepingComputer
Comments
This is where the magic happens: AI reads your discussion and rewrites the article based on the most interesting comments. Each strong comment adds points to the meter below. Once the meter is full, the article updates live — no page reload needed.