Attackers are using legitimate ChatGPT share links to show fake OpenAI outage notices that tell people to download a bogus ChatGPT desktop app. Push Security says the LLMShare campaign buys Google ads for ChatGPT searches, serves the lure from chatgpt.com/s/ pages rendered with custom HTML and CSS inside ChatGPT, then redirects victims to openew[.]app, which offers cloaked Windows and macOS malware downloads; the Windows sample checks whether it is running on a real device or a virtual machine.
Why it matters: This matters because the scam is hosted partly on a real OpenAI domain, making it more convincing to ordinary users and harder for defenders to spot. Users should avoid sponsored results for AI tools, download apps only from the official vendor site or app store, and security teams should monitor for chatgpt.com share-link abuse and block the impersonation domain.
Lawrence Abrams
2026.05.29
100% relevant
This article establishes a distinct campaign centered on abuse of ChatGPT's share-link feature and Google ads to distribute malware via fake outage pages, not the same underlying event as any tracked story.
← Back to all stories