Risk actors are abusing ChatGPT’s content-sharing characteristic to show faux OpenAI outage pages that direct customers to obtain malware disguised because the ChatGPT desktop utility.
The “LLMShare” marketing campaign, found by Push Safety, makes use of Google adverts to direct customers looking for ChatGPT to a malicious shared ChatGPT web page hosted on chatgpt.com, permitting the assault to be delivered by a reputable OpenAI area.
Customers who click on the commercial are taken to a reputable ChatGPT shared web page, however as an alternative of seeing a chat dialog, they’re introduced with a rendered outage discover claiming the online model is unavailable and that they need to obtain the desktop utility as an alternative.
“We’re experiencing excessive site visitors proper now,” reads the faux outage message.
“Our web site is briefly unavailable as a consequence of numerous customers. Obtain our desktop app to proceed.”
Not like conventional phishing pages hosted on attacker-controlled infrastructure, the faux outage discover is rendered by ChatGPT itself.Â
The attackers created a customized HTML web page utilizing ChatGPT’s rendering capabilities and printed it by a shared chatgpt.com/s/ hyperlink, permitting the faux outage discover to be displayed from a reputable ChatGPT URL.
Push Safety famous that the web page consists of “Present code” and “Remix with ChatGPT” controls, revealing that the faux outage discover is definitely generated from customized HTML and CSS rendered by a ChatGPT immediate.
If the customer clicks on the obtain button, they’re dropped at an internet site at openew[.]app that impersonates OpenAI’s desktop utility obtain portal.Â
The researchers say the positioning makes use of cloaking to show content material solely to focused victims. When safety platforms like URLScan visited the URL, they had been proven a innocent AR/VR firm web site as an alternative.
The web site presents each macOS [VirusTotal] and Home windows [VirusTotal] downloads that set up malware on gadgets. Whereas it’s unclear what payloads are finally deployed, earlier campaigns abusing AI platform sharing options have distributed infostealers.
BleepingComputer’s check of the Home windows model on Any.Run discovered that it executes numerous instructions to find out whether or not the system is a reputable laptop or a digital machine.
Push Safety additionally noticed assaults abusing Claude Artifacts, Anthropic’s characteristic for sharing rendered functions and content material, to host ClickFix-style lures that tricked customers into executing malicious instructions.
AI platforms’ sharing options have been abused previously to distribute malware to unsuspecting victims.
Earlier this yr, menace actors used Google commercials to direct customers looking for Claude downloads to shared Claude conversations containing malicious set up directions.
Different campaigns abused shared ChatGPT and Grok conversations that performed ClickFix assaults by impersonating software program set up guides that instructed victims to execute instructions that put in malware.
Automated pentesting instruments ship actual worth, however they had been constructed to reply one query: can an attacker transfer by the community? They weren’t constructed to check whether or not your controls block threats, your detection guidelines fireplace, or your cloud configs maintain.
This information covers the 6 surfaces you really have to validate.
