LLMShare: ChatGPT and Claude Share Links Weaponized for Malware Delivery via Google Ads and Fake Outage Pages
Date: 2026-06-02
Tags: phishing, malware, prompt-injection
Executive Summary
LLMShare plants fake outage pages on OpenAI's real domain, chatgpt.com, and drives victims to them through Google ads. Corporate firewalls fail to block the pages because the URL is genuine. Push Security confirmed active detections on May 29, 2026. LLMShare is the most technically refined entry in a line of attacks that has grown sharply since late 2025.
Campaign Summary
| Field | Detail |
|---|---|
| Campaign / Malware | LLMShare |
| Attribution | Unknown threat actor(s) (confidence: low) |
| Target | Enterprise users of ChatGPT and Claude; geographically and temporally scoped by malvertising |
| Vector | ChatGPT allows users to share conversations through public links in the format chatgpt.com/s/[unique-id]. It also renders HTML and CSS code embedded in those shared pages. The attackers behind LLMShare used that rendering capability to build a pixel-perfect fake ChatGPT outage notice — complete with OpenAI branding and a prominent download button — and published it as a standard share link. |
| Status | active |
| First Observed | 2026-05-29 |
Detailed Findings
The campaign, called 'LLMShare' and uncovered by Push Security, uses Google ads to lead users to a malicious shared ChatGPT page hosted on the legitimate chatgpt.com domain. Attackers purchase Google ads targeting users searching for ChatGPT, and clicking the ad leads to what appears to be a legitimate ChatGPT shared page on a chatgpt.com/s/ link. Instead of a real chat conversation, the page shows a fake outage notice, which claims that the web version is unavailable due to high traffic and directs users to download the desktop app. The researchers say the site uses cloaking to display content only to targeted victims: when security platforms like URLScan visited the URL, they were shown a harmless AR/VR company website instead. A parallel February 2026 campaign abused Claude.ai Artifacts, Anthropic's feature for sharing rendered applications, to host fake Homebrew installation guides, hitting at least one confirmed government organization.
MITRE ATT&CK Mapping
| Technique | ID | Context |
|---|---|---|
| Phishing: Spearphishing Link | T1598.003 | Malicious links delivered via Google Ads targeting specific user searches |
| Drive-by Compromise | T1189 | Download of malware disguised as legitimate desktop application |
| Social Engineering | T1566.002 | Fake outage notices and application interfaces to deceive users |
IOCs
Domains
openew[.]app
Full URL Paths
chatgpt.com/s/* (attacker-controlled share links)
openew[.]app (fake download portal)
Splunk Format
"openew.app" OR "chatgpt.com/s/*"
Detection Recommendations
Security teams should treat AI platform domains with the same behavioral scrutiny applied to any other third-party content source. The domain being trustworthy does not make the content rendered on it safe. Employee awareness training should be updated to reflect that a URL beginning with chatgpt.com or claude.ai is not by itself a signal that the content is legitimate. Additionally, any executable downloaded from a ChatGPT or Claude shared page should be treated as suspicious, regardless of the explanation provided on screen.
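One way to apply the last recommendation to web proxy logs, as an added example that is not from Push Security or the original report: flag executable downloads that either carry a chatgpt.com or claude.ai referrer or closely follow a share-page view by the same user. The time-window fallback matters because browsers' default referrer policy sends only the origin on cross-origin requests, so the /s/ path rarely reaches the download host's log entry. The log layout, file extensions, five-minute window and all sample records are assumptions constructed for illustration, and full URLs are assumed to be visible through TLS inspection.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy records (time, user, url, referrer); not real telemetry.
SAMPLE_LOG = """\
2026-05-29T09:14:02 alice https://chatgpt.com/s/EXAMPLE-ID https://www.google.com/
2026-05-29T09:14:40 alice https://downloads.example.test/ChatGPT-Setup.exe https://chatgpt.com/
2026-05-29T09:20:11 bob https://chatgpt.com/c/EXAMPLE-CHAT -
2026-05-29T09:21:30 bob https://vendor.example.test/tool.msi https://vendor.example.test/
2026-05-29T10:02:00 carol https://claude.ai/EXAMPLE-ARTIFACT -
2026-05-29T10:02:45 carol https://files.example.test/install.pkg -
2026-05-29T11:00:00 dave https://chatgpt.com/s/EXAMPLE-ID2 -
2026-05-29T11:30:00 dave https://files.example.test/report.dmg -
"""

EXEC_EXT = (".exe", ".msi", ".dmg", ".pkg", ".sh")  # assumed extension list
WINDOW = timedelta(minutes=5)  # assumed correlation window

def is_share_page(url):
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    # chatgpt.com/s/ comes from the report; the claude.ai path layout is not
    # given there, so any claude.ai page is treated as a candidate.
    return (host == "chatgpt.com" and u.path.startswith("/s/")) or host == "claude.ai"

def find_suspicious_downloads(log_text):
    last_share = {}  # user -> (time, url) of the most recent share-page view
    hits = []
    for line in log_text.splitlines():
        ts, user, url, ref = line.split()
        when = datetime.fromisoformat(ts)
        if is_share_page(url):
            last_share[user] = (when, url)
            continue
        if not urlsplit(url).path.lower().endswith(EXEC_EXT):
            continue  # not an executable or installer download
        ref_host = (urlsplit(ref).hostname or "").lower()
        seen = last_share.get(user)
        if ref_host in ("chatgpt.com", "claude.ai"):
            hits.append((user, url, "referrer"))
        elif seen and when - seen[0] <= WINDOW:
            hits.append((user, url, "followed " + seen[1]))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_downloads(SAMPLE_LOG):
        print(hit)
```

Hits are triage leads rather than verdicts; the download host and file hash still need checking before any blocking decision.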
References
- [Push Security] LLMShare: ChatGPT Share Links Deliver Malware (2026-06-01) — https://www.techtimes.com/articles/317528/20260601/chatgpt-share-links-deliver-malware-openai-domain-evading-corporate-web-filters.htm
- [gHacks Tech News] Attackers Abuse ChatGPT Share Links to Host Fake Outage Pages (2026-06-01) — https://www.ghacks.net/2026/06/01/attackers-abuse-chatgpt-share-links-to-host-fake-outage-pages-that-deliver-malware/
- [BleepingComputer] ChatGPT share links abused to host fake outage pages to deliver malware (2026-06-01) — https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/