
LLMShare Malware Campaign: ChatGPT/Claude Share Links Host Malware via Fake Outage Pages; Odyssey Stealer Payload

Date: 2026-06-07
Tags: phishing, malware

Executive Summary

Threat actors turned ChatGPT's own content-sharing feature into a malware delivery pipeline, hosting fake service disruption pages directly on chatgpt.com and routing victims there through paid Google search ads. Security firm Push Security disclosed the campaign, which it named LLMShare, on May 29, 2026, confirming it was still generating active detections at the time. Because the attack lands on OpenAI's own domain rather than an attacker-controlled site, it bypasses the URL-reputation checks, corporate firewalls, and personal caution that would stop a conventional phishing page. The technique exploits a design feature—not a software vulnerability—in ChatGPT's sharing system, which means no patch from OpenAI can close it without changing how the product works.

Campaign Summary

Campaign / Malware: LLMShare - ChatGPT/Claude Share Link Weaponization
Attribution: Unknown cybercriminal group (confidence: low)
Target: ChatGPT users reached through paid Google search ads for ChatGPT; enterprise users
Vector: Malicious content hosted on legitimate OpenAI/Anthropic share links; malicious Google search ads; fake outage pages
Status: Active
First Observed: 2026-05-29

Detailed Findings

A fake outage page rendered inside a genuine ChatGPT share link is far more believable than a page on an unfamiliar domain, so victims' suspicion drops quickly. Clicking the download button on the fake outage page redirects visitors to openew[.]app, a lookalike site designed to mimic OpenAI's official desktop application download portal. It displays OpenAI branding, macOS and Windows download buttons, a Chrome extension link, and a mobile download section. Both Windows and macOS payloads have been confirmed. Windows users receive a credential-stealing malware loader, while Mac users get Odyssey Stealer, a fork of Atomic Stealer (AMOS), a well-known macOS malware family associated with cryptocurrency theft. The Windows download delivers a fake installer that opens a back channel to an attacker-controlled server. The macOS download delivers malware that steals browser passwords, cookies, Telegram sessions, cryptocurrency wallets, and other sensitive files.

MITRE ATT&CK Mapping

Phishing (T1566): Fake service disruption pages delivered via Google Ads; trojan downloads
Malware (T1589): Odyssey Stealer (AMOS fork) and Windows credential-stealing loader
Credential Access (T1110): Browser password and cryptocurrency wallet theft

IOCs

Domains

openew.app

Full URL Paths

chatgpt.com/s/* (malicious share links)

Splunk Format

"openew.app" OR "chatgpt.com/s/*"

Package Indicators

Odyssey Stealer
AMOS (Atomic macOS Stealer)

Detection Recommendations

Audit corporate URL-filtering allow-lists that grant blanket trust to AI platform domains (chatgpt.com, claude.ai) and evaluate whether path-level inspection is needed to distinguish legitimate shared conversations from user-generated malicious content at /s/ paths.
Deploy URL reputation analysis on paths within trusted domains.
Block or flag Google search ads directing to chatgpt.com/s/ or claude.ai/s/ patterns.
Monitor for downloads of fake ChatGPT/Claude desktop applications from non-official domains.
Implement endpoint DLP to detect installer execution from lookalike domains.
Alert on suspicious loopback connections following download of allegedly "legitimate" AI tools.
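The recommendations above (path-level inspection of share links, flagging ad-driven traffic to /s/ paths, and catching installer downloads from lookalike domains) can be turned into a small proxy-log triage. The script below is an added example written for this page; it is not Push Security's tooling or any vendor's detection content. It assumes proxy logs as JSON lines with the keys ts, src_ip, url and referrer (a constructed format), treats a Google referrer or a gclid query parameter as the search-ad signal (an assumption: organic results rarely land on share links), and takes the official download hosts as an assumed list. The domains chatgpt.com, claude.ai and openew.app come from the page; every log record is constructed.

```python
"""Proxy-log triage for the LLMShare pattern (added example, assumptions noted inline)."""
import json
from urllib.parse import parse_qs, urlparse

# AI platform domains that corporate allow-lists commonly trust wholesale (from the page).
TRUSTED_AI_DOMAINS = {"chatgpt.com", "claude.ai"}
# Path prefix under which user-generated share content is served (from the page).
SHARE_PATH_PREFIX = "/s/"
# Lookalike download portal named in the page's IOCs.
KNOWN_LOOKALIKES = {"openew.app"}
# Assumption: only these hosts are treated as legitimate sources of desktop installers.
OFFICIAL_APP_HOSTS = {"chatgpt.com", "openai.com", "claude.ai", "anthropic.com"}
INSTALLER_EXTENSIONS = (".dmg", ".pkg", ".exe", ".msi")
# Assumption: a Google referrer or a gclid parameter marks a search-ad click-through.
AD_REFERRER_HOSTS = {"www.google.com", "google.com", "www.googleadservices.com"}
AI_BRANDS = ("openai", "chatgpt", "claude", "anthropic")


def _host(url):
    """Lower-cased hostname of a URL, or '' for an empty/unparseable value."""
    return (urlparse(url).hostname or "").lower()


def _from_search_ad(record):
    """True when the request looks like a Google search-ad click-through."""
    query = parse_qs(urlparse(record.get("url", "")).query)
    return "gclid" in query or _host(record.get("referrer", "")) in AD_REFERRER_HOSTS


def classify(record):
    """Return finding tags for one proxy-log record (empty list = nothing notable)."""
    url = record.get("url", "")
    host = _host(url)
    path = urlparse(url).path
    findings = []

    # 1. Share-link path inside a trusted AI domain; escalate if reached from a search ad.
    if host in TRUSTED_AI_DOMAINS and path.startswith(SHARE_PATH_PREFIX):
        findings.append("ai_share_link")
        if _from_search_ad(record):
            findings.append("share_link_from_search_ad")

    # 2. Any contact with the known lookalike download portal.
    if host in KNOWN_LOOKALIKES:
        findings.append("known_lookalike_domain")

    # 3. Installer download from a host that is not an official vendor host,
    #    escalated when the hostname or filename carries AI vendor branding.
    if path.lower().endswith(INSTALLER_EXTENSIONS) and host not in OFFICIAL_APP_HOSTS:
        findings.append("installer_from_unofficial_host")
        if any(brand in (host + path).lower() for brand in AI_BRANDS):
            findings.append("ai_branded_installer_offdomain")

    return findings


def triage(lines):
    """Parse JSON log lines and return only the records that produced findings."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        tags = classify(rec)
        if tags:
            hits.append({"ts": rec["ts"], "src_ip": rec["src_ip"], "url": rec["url"], "tags": tags})
    return hits


# Constructed sample log: one host walks the full chain (ad -> share link -> lookalike
# -> installer), a second host opens an ordinary share link and an official download.
SAMPLE_LOG = """
{"ts": "2026-06-01T09:00:01Z", "src_ip": "10.0.0.21", "url": "https://chatgpt.com/", "referrer": "https://www.google.com/"}
{"ts": "2026-06-01T09:00:05Z", "src_ip": "10.0.0.21", "url": "https://chatgpt.com/s/t_EXAMPLE0001?gclid=EXAMPLE", "referrer": "https://www.google.com/"}
{"ts": "2026-06-01T09:00:40Z", "src_ip": "10.0.0.21", "url": "https://openew.app/", "referrer": "https://chatgpt.com/s/t_EXAMPLE0001"}
{"ts": "2026-06-01T09:00:52Z", "src_ip": "10.0.0.21", "url": "https://openew.app/downloads/ChatGPT.dmg", "referrer": "https://openew.app/"}
{"ts": "2026-06-01T09:05:00Z", "src_ip": "10.0.0.37", "url": "https://chatgpt.com/s/t_EXAMPLE0002", "referrer": ""}
{"ts": "2026-06-01T09:06:00Z", "src_ip": "10.0.0.37", "url": "https://chatgpt.com/download/ChatGPT.dmg", "referrer": "https://chatgpt.com/"}
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG.splitlines()):
        print(hit["ts"], hit["src_ip"], hit["url"], ",".join(hit["tags"]))
```

The tag set is deliberately layered: a bare ai_share_link is informational and should not page anyone, share_link_from_search_ad and ai_branded_installer_offdomain are the combinations worth an alert, and a single source IP accumulating the tags in sequence is the strongest signal, which is what the first host in the sample produces.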
