In a nutshell: Attackers abuse chat-sharing functions of ChatGPT and Claude to render convincingly authentic outage pages and distribute malware through trusted domains that bypass conventional security filters.
Security analysts at Push Security have documented a coordinated attack campaign named LLMShare that exploits official chat-sharing functions of ChatGPT and Claude to inject malware into corporate networks. The method circumvents conventional IT security filters by leveraging trust in the domains chatgpt.com and claude.ai.
The LLMShare campaign exploits the code-rendering functionality within ChatGPT’s chat-sharing feature. Attackers structure prompts so that the chatbot generates a complete, convincingly authentic webpage using HTML and CSS that simulates an OpenAI system outage notification. When the manipulated sharing link is accessed, the user does not see a normal chat view, but rather a fake notification that feigns a system overload.
The technical success of the campaign relies on exploiting trust mechanisms: because chatgpt.com and claude.ai are classified as trustworthy by default in reputation databases and secure browser filters, conventional protection systems do not block access. The attackers additionally use search engine poisoning and manipulated search results to direct potential victims to these legitimate domains. For average users, the only sign that the content is generated HTML is the set of ChatGPT system buttons, provided automatically, for viewing the source code or remixing the prompt.
The integrated download button on the fake outage page redirects to the domain openew.app, a precise clone of the official OpenAI download platform complete with logos and apparently legitimate installation instructions. The download infrastructure delivers a different payload per platform: Windows users receive a loader that steals passwords, browser data, and session cookies. macOS users receive Odyssey Stealer, a modified variant of the infostealer AMOS, which specializes in extracting crypto wallets, passwords, and Telegram sessions. Odyssey Stealer also attempts to replace physical crypto wallet apps with compromised versions to redirect financial transactions.
To evade detection by security and IT teams, the operators deploy advanced cloaking techniques. Servers at openew.app differentiate between genuine user requests and automated scanner access to evade analysis tools.
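An added detection example (not from Push Security or the original article): since the share link sits on a trusted domain and openew.app cloaks itself from scanners, this correlates an organisation's own proxy logs and flags an installer download from a non-vendor domain shortly after the same user opened a shared chat. The log format, the /share/ path prefix, the vendor allowlist and the five-minute window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: shared chats are served under /share/ on these sites.
SHARE_HOSTS = {"chatgpt.com", "claude.ai"}
# Assumption: domains this organisation accepts as genuine vendor download sources.
VENDOR_DOMAINS = {"openai.com", "chatgpt.com", "anthropic.com", "claude.ai"}
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg")
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed proxy log, one request per line: "<ISO time> <user> <url>"
SAMPLE_LOG = """\
2026-06-02T09:00:01 alice https://chatgpt.com/share/EXAMPLE-ID-1
2026-06-02T09:00:40 alice https://openew.app/constructed/ChatGPT-Setup.exe
2026-06-02T09:05:00 bob https://chatgpt.com/share/EXAMPLE-ID-2
2026-06-02T09:05:30 bob https://openai.com/constructed/ChatGPT.dmg
2026-06-02T10:00:00 carol https://claude.ai/share/EXAMPLE-ID-3
2026-06-02T10:30:00 carol https://example.net/tools/setup.msi
2026-06-02T11:00:00 dave https://example.org/files/app.dmg
"""

def registrable(host):
    # Simplification: last two labels. Use a public-suffix list in production.
    return ".".join(host.lower().split(".")[-2:])

def find_suspect_downloads(log_text):
    """Return (user, share_url, download_host) for each correlated download."""
    last_share, alerts = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, url = line.split(maxsplit=2)
        ts = datetime.fromisoformat(ts)
        u = urlsplit(url.strip())
        site = registrable(u.hostname or "")
        if site in SHARE_HOSTS and u.path.startswith("/share/"):
            last_share[user] = (ts, u.geturl())  # remember latest shared chat
            continue
        if not u.path.lower().endswith(INSTALLER_EXT) or site in VENDOR_DOMAINS:
            continue  # not an installer, or served by an accepted vendor domain
        seen, share_url = last_share.get(user, (None, None))
        if seen is not None and timedelta(0) <= ts - seen <= WINDOW:
            alerts.append((user, share_url, u.hostname))
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_downloads(SAMPLE_LOG):
        print("ALERT", *alert)
```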
Source: www.it-daily.net · Published June 2, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.