Threat actors are exploiting ChatGPT Content sharing feature to set up fake OpenAI outage pages. These pages direct users to download malware disguised as the ChatGPT desktop application.
The campaign, called “LLMShare” and discovered by Push Security, uses Google ads to direct users to a malicious ChatGPT shared page hosted on the legitimate chatgpt.com domain.
Since the honeypot is delivered via a genuine OpenAI URL, it avoids the usual warning signs of attacker-controlled phishing infrastructure.
How the ChatGPT false interrupt attack works
The campaign relies on the ability to publish custom rendered HTML via ChatGPT’s sharing feature.
- The attackers purchase Google ads targeting users searching for ChatGPT and clicking on the ad takes them to what appears to be a legitimate ChatGPT shared page on a chatgpt.com/s/ link.
- Instead of a real chat conversation, the page displays a fake interruption notice.
- This notice states that the web version is unavailable due to high traffic and directs users to download the desktop app.
- Clicking the download button redirects you to openew(.)app, a site posing as the official OpenAI desktop download portal.
The fake outage message says: “We are experiencing a lot of traffic at the moment. Our website is temporarily unavailable due to a large number of users. Please download our desktop app to continue.”
This custom kill notice is generated from HTML and CSS represented by a ChatGPT message. Push Security noted that the page includes “Show Code” and “Remix with ChatGPT” controls, indicating that the outage notice is not a genuine system message but rather a custom rendered artifact.
How cloaking hides malware from security scanners
The download site on openew(.)application uses cloaking techniques to display malicious content only to specific targets. When security tools like URLScan visited the site, they saw a harmless website for an AR/VR company instead of a fake download page.
The site offers downloads for both macOS and Windows that install malware. The exact payload is still unclear, but previous campaigns exploiting the sharing features of AI platforms have distributed information-stealing malware.
BleepingComputer’s testing of the Windows version revealed that it runs commands to check whether the device is a real computer or a virtual machine, a common tactic to avoid automated analysis.
How to Avoid These ChatGPT Fake Outage Malware Attacks
Users looking for ChatGPT or any AI application should follow these 4 security tips:
- Avoid clicking on sponsored search ads for software downloads. Instead, go directly to the official website.
- Be wary of any “stop” pages that ask you to download a desktop app to continue. Legitimate services do not redirect users to downloads during outages.
- Download desktop apps only from official sites of authorized app stores or vendors, not from links found in advertisements or shared pages.
- Be wary of ChatGPT or Claude shared links that display a download message or installation instructions, as they are likely suspicious and are usually user-created content rather than official messages.
The Widest Pattern of Abusing AI Sharing Features to Spread Malware
The LLMShare campaign is part of a growing pattern of exploiting sharing features of AI platforms to spread malware. Push Security also observed attacks that misused Claude Artifacts, an Anthropic feature that allows sharing of rendered applications, to host ClickFix-style honeypots that trick users into executing malicious commands.
In early 2026, threat actors used Google ads to direct users searching for Claude downloads to shared Claude conversations containing malicious installation instructions. Other campaigns misused shared ChatGPT and Grok conversations to carry out ClickFix attacks, posing as legitimate software installation guides.
The main problem is that content shared through artificial intelligence platforms appears to come from a trusted domain, even though it is completely controlled by attackers. Users should treat the rendering function as untrusted user-generated content and not as an official message from the platform.
Anthropic and OpenAI have not publicly shared specific steps to address abuse of their sharing features in this campaign. Users should be wary of any download messages found through shared AI chat links.
