ChatGPT share links abused to deliver fake outage malware

Threat actors are abusing ChatGPT’s share feature to post fake OpenAI outage pages on legitimate chatgpt.com links, pushing visitors to a spoofed “desktop app” download portal that installs malware. The campaign, dubbed “LLMShare,” uses Google ads and cloaking,
For a brief moment, the message looks like it belongs to OpenAI.
A visitor who clicks a Google ad meant for ChatGPT lands on a legitimate shared page under chatgpt.com/s/. Instead of a conversation, they see a rendered outage notice (clean, familiar, and urgent) claiming the web version is unavailable because traffic is “high right now.” The page adds a directive: download the desktop application to keep going.
That instruction is the trap.
The campaign, discovered by Push Security, is dubbed “LLMShare.” It works by abusing ChatGPT’s content-sharing feature to host a custom HTML “outage” page that’s displayed through ChatGPT’s own rendering system. Unlike phishing sites that live entirely on attacker-controlled domains, the fake notice is generated through a ChatGPT prompt and published via a shared chatgpt.com link, meaning the first hop looks like it’s coming from a legitimate OpenAI domain.
Push Security says the shared page includes “Show code” and “Remix with ChatGPT” controls. Those controls, in turn, reveal that the outage screen isn’t just a static image—it’s custom HTML and CSS rendered using ChatGPT’s capabilities.
If someone clicks the download button, they’re sent to openew[.]app, a website designed to impersonate OpenAI’s desktop application download portal.
From there, the mechanics get darker. The researchers report that openew[.]app uses cloaking—showing different content depending on who is visiting. When security testing tools like URLScan visited the URL, they were shown a harmless AR/VR company website instead.
But for targeted victims, the page offers downloads disguised as the OpenAI desktop app. The site provides both macOS and Windows links that lead to VirusTotal-branded download endpoints—each intended to install malware on the device. Push Security says it isn’t clear what exact payloads are ultimately delivered. Still, it points to earlier campaigns abusing AI platform sharing features that distributed infostealers.
Testing of the Windows version underscores that uncertainty can still be actionable. BleepingComputer’s test of the Windows download on Any.Run found it executes commands designed to determine whether the device is a legitimate computer or a virtual machine.
The report also connects the broader pattern. Push Security observed similar abuse of Claude Artifacts, an Anthropic feature for sharing rendered applications and content. In those cases, attackers hosted ClickFix-style lures—trick pages that push users toward executing malicious commands.
AI platforms’ sharing features have been targeted before. Earlier this year, threat actors used Google ads to direct users searching for Claude downloads to shared Claude conversations containing malicious installation instructions. Other campaigns abused shared ChatGPT and Grok conversations to run ClickFix-style attacks by impersonating software installation guides that told victims to execute commands that installed malware.
The through-line in all of it is unsettling because it’s simple: a user is drawn in by what looks like a normal product workflow—an outage notice, a desktop download button, a familiar interface—and the rest is handled by abuse of the platform’s own sharing and rendering systems.
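For defenders, the sequence described above (shared chatgpt.com/s/ page, then an off-platform site, then an installer download) can be hunted for in web proxy logs. The sketch below is an added example, not code from Push Security or the original report; the log record shape, the trusted-host list, the time window and the `.example` hosts are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

TRUSTED = ("openai.com", "chatgpt.com")   # assumption: your allowlist of official hosts
INSTALLERS = (".exe", ".msi", ".dmg", ".pkg")
WINDOW = timedelta(minutes=10)            # assumption: max gap from share page to download

def host(url):
    return (urlparse(url).hostname or "").lower()

def trusted(url):
    return any(host(url) == d or host(url).endswith("." + d) for d in TRUSTED)

def is_share_link(url):
    return host(url) == "chatgpt.com" and urlparse(url).path.startswith("/s/")

def find_chains(events):
    """Return (user, share_url, landing_host, download_url) per share -> landing -> installer chain."""
    hits, state = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, url = ev["user"], ev["url"]
        if is_share_link(url):
            state[user] = {"share": url, "ts": ev["ts"], "landing": None}
            continue
        s = state.get(user)
        if s is None or ev["ts"] - s["ts"] > WINDOW or trusted(url):
            continue
        # Cross-origin referrers are usually trimmed to the origin, so match on host only.
        if s["landing"] is None and host(ev.get("referrer", "")) == "chatgpt.com":
            s["landing"] = host(url)
        if s["landing"] and urlparse(url).path.lower().endswith(INSTALLERS):
            hits.append((user, s["share"], s["landing"], url))
            del state[user]
    return hits

def rec(minute, user, url, referrer=""):
    return {"ts": datetime(2025, 1, 1, 9, minute), "user": user, "url": url, "referrer": referrer}

# Constructed proxy-log records; the .example hosts are placeholders, not real indicators.
SAMPLE = [
    rec(0, "alice", "https://chatgpt.com/s/EXAMPLE1"),
    rec(1, "alice", "https://desktop-app.example/", "https://chatgpt.com/"),
    rec(2, "alice", "https://files.example/dl/ChatGPT-Setup.exe", "https://desktop-app.example/"),
    rec(0, "bob", "https://chatgpt.com/s/EXAMPLE2"),
    rec(3, "bob", "https://openai.com/", "https://chatgpt.com/"),
    rec(5, "carol", "https://tools.example/editor.msi"),
]
if __name__ == "__main__":
    print(find_chains(SAMPLE))
```

Because the lure's first hop is a genuine chatgpt.com URL, the check keys on what follows the share page rather than on the reputation of the first domain.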
So basically the link looks legit and then it’s malware? Love that for us.
I don’t even get how “share” can post like an outage page?? Sounds like people are getting tricked into downloading random apps. Also Google ads doing this is wild. I feel like tech companies should be blocking that immediately.
Wait reply_to 1—so the malware download portal is like openew dot app or whatever… but isn’t chatgpt desktop from OpenAI? If it’s on chatgpt.com/s/ then shouldn’t it be safe? Either I’m missing something or they’re blaming the wrong thing like “traffic is high” is the scam part lol
I swear these hacks always use the same playbook: fake outage, “download to keep going,” then boom. But didn’t we already have malware like this years ago? Why is it still possible to remix/share and suddenly it’s an HTML page?? Also “cloaking” sounds like those websites that show different stuff to robots, like URLScan being shown some harmless AR/VR company… so targeted people get the real trap. Smh.