LLMShare Malware Campaign: ChatGPT and Claude Shared Chats Weaponized for Desktop App Trojanization and Credential Theft
Date: 2026-06-01
Tags: phishing, malware, shadow-ai
Executive Summary
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. The "LLMShare" campaign, discovered by Push Security, uses Google ads to send users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com, so the lure is delivered from a legitimate OpenAI domain. On Claude, shared chats pose as Apple support walkthroughs laced with malicious Terminal commands, while another shared Claude chat shows a fake download guide for Claude Code that delivers malware.
Campaign Summary
| Field | Detail |
|---|---|
| Campaign / Malware | LLMShare |
| Attribution | Unknown (confidence: low) |
| Target | ChatGPT and Claude users searching for downloads; general user base via Google ads |
| Vector | Legitimate AI platform sharing features (chatgpt.com public shares); fake app download sites; Google Ads malvertising |
| Status | active |
| First Observed | 2026-05-29 |
Detailed Findings
Users who click the advertisement are taken to a legitimate ChatGPT shared page, but instead of a chat conversation they are presented with a rendered outage notice claiming the web version is unavailable and that they should download the desktop application instead, with messages such as "We're experiencing high traffic right now. Our website is temporarily unavailable due to a large number of users. Download our desktop app to continue." The page includes "Show code" and "Remix with ChatGPT" controls, revealing that the fake outage notice is custom HTML and CSS generated by a ChatGPT prompt and rendered by the share feature. The download site it links to offers both macOS and Windows installers that deploy malware on the device. While it is unclear what payloads are ultimately deployed, earlier campaigns abusing AI platform sharing features have distributed infostealers. Push Security calls the attack technique "LLMShare."
MITRE ATT&CK Mapping
| Technique | ID | Context |
|---|---|---|
| Social Engineering | T1566.002 | Phishing via fake app download pages masquerading as legitimate platform outages |
| Malware Distribution | T1204.002 | User execution of malicious desktop application downloads |
| Trusted Relationship Exploitation | T1199 | Abuse of trusted ChatGPT and Claude domains to deliver phishing payloads |
IOCs
Domains
openew.app
chatgpt.com (legitimate domain abused for sharing malicious prompts)
Full URL Paths
Shared ChatGPT prompts rendering fake outage pages (legitimate chatgpt.com domain with attacker-controlled prompt content)
Splunk Format
"openew.app"
Note: chatgpt.com is a legitimate domain and should not be searched for or blocked as an indicator on its own; the specific shared-page URL is not listed in this advisory, so match on the download domain and on installer downloads referred from share pages instead.
Detection Recommendations
Monitor for and block Google Ads linking to download sites imitating OpenAI or Anthropic official portals. Implement reputation filtering for newly registered domains hosting "app download" pages. Educate users to obtain downloads directly from official vendor websites rather than following outage-notice prompts, including ones rendered on a legitimate AI platform domain. Implement endpoint detection for suspicious PowerShell (Windows) or Terminal/shell (macOS) execution and process-creation patterns following installation.
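A detection sketch for the chain described above (share page on a legitimate AI domain leading to an installer download), added here as example code that is not part of this advisory or of Push Security's research. It scans constructed proxy-log lines and flags requests to the listed download domain and installer downloads whose HTTP referer is a chatgpt.com or claude.ai share page; the `/share/` path convention, the log format and the `.test` hosts are assumptions.

```python
import re
from urllib.parse import urlparse

# Download domain listed in the advisory's IOCs; extend from your own feed.
BAD_DOMAINS = {"openew.app"}
# Legitimate AI platforms whose share feature is abused (claude.ai is assumed
# to use the same /share/ path convention as chatgpt.com).
SHARE_HOSTS = {"chatgpt.com", "claude.ai"}
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg", ".zip")

# Assumed proxy log format: <timestamp> <client> "<url>" <status> "<referer>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<url>[^"]+)" (?P<status>\d{3}) "(?P<referer>[^"]*)"$'
)

# Constructed sample log: one client follows the ad to a share page, then fetches
# the installer; another fetches an installer from an unlisted host but with the
# same share-page referer; a third browses a non-installer page.
SAMPLE_LOG = """\
2026-05-30T09:12:01Z 10.0.0.15 "https://chatgpt.com/share/EXAMPLE-SHARE-ID" 200 "https://www.google.com/"
2026-05-30T09:12:09Z 10.0.0.15 "https://openew.app/ChatGPT-Setup.exe" 200 "https://chatgpt.com/share/EXAMPLE-SHARE-ID"
2026-05-30T09:15:40Z 10.0.0.22 "https://cdn-host.test/ChatGPT.dmg" 200 "https://claude.ai/share/EXAMPLE-SHARE-ID"
2026-05-30T09:20:03Z 10.0.0.31 "https://chatgpt.com/share/EXAMPLE-SHARE-ID" 200 ""
2026-05-30T09:21:11Z 10.0.0.31 "https://vendor.test/download/" 200 "https://chatgpt.com/share/EXAMPLE-SHARE-ID"
""".splitlines()

def is_share_page(url):
    """True when the URL is a public share page on one of the AI platforms."""
    p = urlparse(url)
    return p.hostname in SHARE_HOSTS and p.path.startswith("/share/")

def classify(line):
    """Return a verdict string for a suspicious log line, or None if benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = urlparse(m["url"])
    if req.hostname in BAD_DOMAINS:
        return "known-bad-domain"
    # Installer fetched straight from a share page: the LLMShare lure pattern,
    # independent of which download host the attacker is using today.
    if req.path.lower().endswith(INSTALLER_EXT) and is_share_page(m["referer"]):
        return "installer-from-share-page"
    return None

def scan(lines):
    """Return (verdict, line) pairs for every flagged line."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((verdict, line))
    return hits

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(f"{verdict}: {line}")
```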
References
- [BleepingComputer] ChatGPT share links abused to host fake outage pages to deliver malware (2026-05-30) — https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/
- [The Decoder] Attackers abuse shared ChatGPT and Claude chats to spread malware (2026-05-30) — https://the-decoder.com/attackers-abuse-shared-chatgpt-and-claude-chats-to-spread-malware/