LLMShare: ChatGPT and Claude Share Links Weaponized for Malware via Google Ads and Fake Outage Pages
Date: 2026-06-06
Tags: phishing, malicious-tool
Executive Summary
Attackers are using ChatGPT share links to host fake outage pages on OpenAI's genuine domain and driving victims to them through Google ads in order to distribute malware. The pixel-perfect fake ChatGPT outage notices are built with ChatGPT's own rendering capability. Push Security confirmed active detections on May 29, 2026. The technique exploits a design feature, not a software vulnerability, in ChatGPT's sharing system, meaning no patch from OpenAI can close it without changing product design.
Campaign Summary
| Field | Detail |
|---|---|
| Campaign / Malware | LLMShare |
| Attribution | Unknown (coordinated malvertising group) (confidence: low) |
| Target | ChatGPT and Claude users searching for installation guides; geographically scoped and role-targeted via Google ads |
| Vector | Malicious Google ads → chatgpt.com/s/ legitimate share link → fake outage page with custom HTML/CSS → download redirect to openew[.]app malware clone |
| Status | active |
| First Observed | 2026-05-29 |
Detailed Findings
ChatGPT allows users to share conversations through public links in the format chatgpt.com/s/[unique-id], and it renders HTML and CSS code so that developers can preview web layouts. Attackers used this rendering capability to build a pixel-perfect fake ChatGPT outage notice with OpenAI branding, a polished error message, and a prominent download button, and published it as a standard share link.
A parallel February 2026 campaign abused Claude.ai Artifacts to host fake Homebrew installation guides, hitting at least one confirmed government organization. LLMShare is part of a pattern that has become a defining characteristic of the 2026 threat landscape. Both the ChatGPT and Claude variants surfaced in the same wave of customer detections, which suggests a coordinated campaign or a shared operational playbook that is actively experimenting across platforms.
The download site at openew[.]app uses cloaking techniques to show malicious content only to specific targets. When security tools like URLScan visit, they see a harmless AR/VR website instead of the fake download page. The site offers downloads for both macOS and Windows that install malware.
MITRE ATT&CK Mapping
| Technique | ID | Context |
|---|---|---|
| Spearphishing Link | T1566.002 | Malicious Google ads directing to trusted domain share links containing malware delivery lures |
| Fake Credentials | T1589.001 | Fake outage notice and cloned download portal impersonate legitimate OpenAI/Anthropic interfaces |
| Malware | T1588.001 | Trojanized desktop application delivered via cloaked download portal |
IOCs
Domains
openew[.]app
Full URL Paths
chatgpt.com/s/ (legitimate domain, malicious share content)
Splunk Format
"openew.app" OR "chatgpt.com/s/"
Detection Recommendations
- Block malvertising by monitoring for ads that point to chatgpt.com/s/ and claude.ai/artifacts share links.
- Alert on downloads of executables from chatgpt.com/s/ links (legitimate users do not download executables from share links).
- Deploy email and browser warnings for downloads impersonating OpenAI/Anthropic.
- Use OSINT monitoring for openew[.] and related typosquatter domains serving desktop app clones.
- Threat intel teams: track the cloaking infrastructure patterns used in this campaign for reuse in other LLM-based fraud.
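One way to apply the share-link and download recommendations to web proxy logs, as an added example that is not from the original report or its sources: it flags hits on the report's IOC domain and any installer download that follows a chatgpt.com/s/ or claude.ai/artifacts visit by the same user within a time window. The log format, the 10-minute window, the extension list, and every sample line are assumptions constructed for illustration; input is assumed to be in time order.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# IOC from this report, kept defanged in text and refanged only for matching.
IOC_DOMAINS = {"openew[.]app".replace("[.]", ".")}
# Share-link locations named in the detection recommendations.
SHARE_PREFIXES = ("chatgpt.com/s/", "claude.ai/artifacts")
EXEC_EXT = (".dmg", ".pkg", ".exe", ".msi")  # assumption: installer types to watch
WINDOW = timedelta(minutes=10)                # assumption: correlation window

# Constructed proxy log lines (timestamp, user, URL); not real telemetry.
SAMPLE_LOG = """\
2026-05-29T09:00:05 alice https://chatgpt.com/s/EXAMPLE-1
2026-05-29T09:01:10 alice https://openew[.]app/download/app.dmg
2026-05-29T10:15:00 bob https://claude.ai/artifacts/EXAMPLE-2
2026-05-29T10:17:30 bob https://files.example.net/tool-setup.exe
2026-05-29T11:00:00 carol https://chatgpt.com/s/EXAMPLE-3
2026-05-29T13:30:00 carol https://vendor.example.org/agent.msi
2026-05-29T14:00:00 dave https://vendor.example.org/agent.msi
"""

def detect(log_text):
    """Return (user, reason, host) alerts for IOC hits and share-link-then-installer chains."""
    last_share = {}  # user -> time of most recent share-link visit
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, url = line.replace("[.]", ".").split(maxsplit=2)
        when = datetime.fromisoformat(ts)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().removeprefix("www.")
        if (host + parts.path).startswith(SHARE_PREFIXES):
            last_share[user] = when
            continue
        if host in IOC_DOMAINS or host.endswith(tuple("." + d for d in IOC_DOMAINS)):
            alerts.append((user, "ioc_domain", host))
            continue
        seen = last_share.get(user)
        recent = seen is not None and timedelta(0) <= when - seen <= WINDOW
        if recent and parts.path.lower().endswith(EXEC_EXT):
            alerts.append((user, "exec_after_share_link", host))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Because the installer is served from a separate cloaked site rather than from the share link itself, the correlation is by user and time rather than by referrer; tune the window and extension list to local traffic before alerting on it.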
References
- [Push Security] ChatGPT Share Links Deliver Malware From OpenAI Domain, Evading Corporate Web Filters (2026-06-01) — https://www.techtimes.com/articles/317528/20260601/chatgpt-share-links-deliver-malware-openai-domain-evading-corporate-web-filters.htm
- [gHacks Tech News] Attackers Abuse ChatGPT Share Links to Host Fake Outage Pages That Deliver Malware (2026-06-01) — https://www.ghacks.net/2026/06/01/attackers-abuse-chatgpt-share-links-to-host-fake-outage-pages-that-deliver-malware/
- [Infosecurity Magazine] Attackers Abuse Shared Content for ChatGPT Phishing Campaign (2026-06-01) — https://www.infosecurity-magazine.com/news/attackers-shared-content-chatgpt/