Hackers abuse ChatGPT sharing feature to spread malware through fake OpenAI outage pages

June 2, 2026

Cybercriminals are exploiting ChatGPT’s content-sharing feature to distribute malware through convincing fake outage notices hosted on OpenAI’s own domain. The campaign, dubbed “LLMShare” by security researchers at Push Security, uses Google advertisements and legitimate ChatGPT sharing links to trick users into downloading malicious software disguised as the ChatGPT desktop application.

The attack begins when users search for ChatGPT and click on a malicious Google advertisement. Instead of being taken to a fake website immediately, victims land on what appears to be a legitimate shared ChatGPT page hosted on the official chatgpt.com domain.

At first glance, the page looks trustworthy because it is served directly from OpenAI’s website. However, rather than displaying a shared conversation, the page presents a fabricated service disruption message.

“We’re experiencing high traffic right now,” the message states.

“Our website is temporarily unavailable due to a large number of users. Download our desktop app to continue.”

The technique is notable because the fake outage notice is not hosted on attacker-controlled infrastructure. Instead, it is rendered through ChatGPT itself.

According to Push Security, the attackers created a custom HTML page using ChatGPT’s rendering capabilities and then published it through a shared chatgpt.com/s/ link. As a result, users see the fraudulent message while remaining on a legitimate OpenAI URL, making the scam appear far more credible than a traditional phishing site.

Researchers noted that the page contains controls such as “Show code” and “Remix with ChatGPT,” which reveal that the outage notice is actually generated from custom HTML and CSS rendered through a ChatGPT prompt.

That approach allows attackers to leverage OpenAI’s trusted domain reputation while presenting content designed to deceive visitors.

The next stage of the attack occurs when users click the download button displayed on the fake outage page.

Victims are redirected to a website identified as openew[.]app, which impersonates OpenAI’s desktop application download portal. The site is designed to look like a legitimate software download page and offers both Windows and macOS installers.
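Because the lure sits on a trusted domain, domain reputation alone will not flag this chain, but the sequence of events can. The following is an added example, not code from Push Security or the original article: it scans web proxy logs for a user who views a chatgpt.com/s/ share page and shortly afterwards fetches an installer from a host outside OpenAI's domains. The log format, sample lines, first-party domain list, file extensions and ten-minute window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions for this example: domains treated as first-party, installer
# extensions, and the correlation window. Tune all three to your environment.
FIRST_PARTY = ("chatgpt.com", "openai.com")
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg")
WINDOW = timedelta(minutes=10)

# Constructed proxy log lines: ISO timestamp, user, requested URL.
SAMPLE_LOG = """\
2026-06-02T09:00:05 alice https://chatgpt.com/s/EXAMPLE-SHARE-ID
2026-06-02T09:00:41 alice https://downloads.example.net/ChatGPT-Setup.exe
2026-06-02T09:03:00 bob https://chatgpt.com/s/EXAMPLE-SHARE-ID-2
2026-06-02T09:04:10 bob https://chatgpt.com/c/EXAMPLE-CHAT
2026-06-02T11:30:00 carol https://vendor.example.org/tool.msi
2026-06-02T12:00:00 dave https://chatgpt.com/s/EXAMPLE-SHARE-ID-3
2026-06-02T12:45:00 dave https://vendor.example.org/tool.dmg
"""

def is_first_party(host):
    # Exact match or true subdomain, so "notchatgpt.com" does not pass.
    return any(host == d or host.endswith("." + d) for d in FIRST_PARTY)

def parse(line):
    ts, user, url = line.split(maxsplit=2)
    parts = urlsplit(url)
    return datetime.fromisoformat(ts), user, (parts.hostname or "").lower(), parts.path

def find_share_to_installer(log_text):
    """Return (user, share_path, download_host, download_path) for each hit."""
    last_share = {}  # user -> (time, path) of the most recent /s/ page view
    hits = []
    for line in sorted(log_text.splitlines()):  # ISO timestamps sort by time
        if not line.strip():
            continue
        ts, user, host, path = parse(line)
        if host == "chatgpt.com" and path.startswith("/s/"):
            last_share[user] = (ts, path)
        elif (path.lower().endswith(INSTALLER_EXT)
              and not is_first_party(host) and user in last_share):
            seen, share_path = last_share[user]
            if ts - seen <= WINDOW:
                hits.append((user, share_path, host, path))
    return hits

if __name__ == "__main__":
    for hit in find_share_to_installer(SAMPLE_LOG):
        print("ALERT share page followed by off-domain installer:", hit)
```

Only the first user in the sample is flagged: the second never downloads anything, the third downloads without visiting a share page, and the fourth falls outside the window.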

Researchers say the operation employs cloaking techniques to avoid detection.

When security analysis services such as URLScan visited the website, they were reportedly shown an unrelated and harmless augmented reality and virtual reality company website. This means security researchers and automated scanning tools may see different content than actual victims, making the campaign harder to detect and investigate.

Users targeted by the campaign, however, are presented with download links that install malware.

Push Security did not identify the final malware payloads being distributed, but researchers noted that similar campaigns involving AI platforms have previously delivered information-stealing malware designed to harvest credentials, financial data, and other sensitive information from infected devices.

Further analysis of the Windows version revealed additional suspicious behavior.

BleepingComputer tested the malware sample in the Any.Run analysis environment and found that it executed multiple commands intended to determine whether it was running on a real computer or inside a virtual machine. Such checks are commonly used by malware authors to evade detection by researchers and automated security tools.

The ChatGPT campaign is not the only example of attackers abusing AI platform sharing features.

Push Security also observed threat actors misusing Claude Artifacts, a content-sharing feature developed by Anthropic, to host ClickFix-style attacks. These attacks attempt to convince users to run malicious commands themselves, often under the guise of fixing software problems or installing applications.

Researchers say AI sharing features have become an increasingly attractive target for cybercriminals because they allow malicious content to be delivered through trusted domains and reputable platforms.

Earlier this year, attackers used Google advertisements to direct users searching for Claude downloads toward shared Claude conversations that contained malicious installation instructions.

Other campaigns abused shared conversations on ChatGPT and xAI’s Grok platform. In those cases, attackers disguised malware delivery schemes as software installation guides and convinced victims to execute commands that infected their own systems.


Jim Love

Jim is an author and podcast host with over 40 years in technology.
