Threat actors are exploiting the content-sharing feature of ChatGPT to set up fake OpenAI outage pages. These pages instruct users to download malware disguised as the ChatGPT desktop app.
The campaign, called “LLMShare” and exposed by Push Security, uses Google ads to drive users to a malicious shared ChatGPT page hosted on the legitimate ChatGPT.com domain.
Since the lure is delivered via a genuine OpenAI URL, it avoids the usual warning signs of phishing infrastructure controlled by the attackers.
How ChatGPT Fake Outage Attack Works
The campaign relies on the ability to publish custom-rendered HTML through ChatGPT’s sharing feature.
- The attackers purchase Google ads targeting users searching for ChatGPT, and clicking the ad takes them to a legitimate ChatGPT share page at the chatgpt.com/s/ link.
- Instead of a real chat conversation, the page shows a fake outage notice.
- The notice claims that the web version is unavailable due to high traffic and directs users to download the desktop app.
- Clicking on download button redirects to openew[.]app, a site that impersonates OpenAI’s official desktop download portal.
The fake outage message reads: “We are experiencing high traffic right now. Due to the large number of users our website is temporarily unavailable. Download our desktop app to continue.”
This custom outage notice is generated from HTML and CSS served by the ChatGPT prompt. Push Security observed that the page included “Show Code” and “Remix with ChatGPT” controls, indicating that the outage notice is not an actual system message but a custom-rendered artifact.
How Cloaking Hides Malware from Security Scanners
download site on openew[.]The app uses cloaking techniques to show malicious content only to specific targets. When security tools like URLScan visited the site, they saw a harmless website for an AR/VR company instead of a fake download page.
The site offers downloads for both macOS and Windows that install malware. The exact payload is unclear, but earlier campaigns exploiting AI platform sharing features have distributed Infostealer malware.
Testing of the Windows version of BleepingComputer revealed that it runs commands to check whether the device is a real computer or a virtual machine, a common strategy to avoid automated analysis.
How to Avoid These ChatGPT Fake Outage Malware Attacks
Users looking to use ChatGPT or any AI application should follow these 4 security tips:
- Avoid clicking on sponsored search ads for software downloads. Instead, go directly to the official website.
- Be wary of any “outage” page that prompts you to download the desktop application to continue. Legitimate services do not redirect users to downloads during outages.
- Download desktop applications only from official vendor sites or authorized app stores, not from links found in advertisements or shared pages.
- Be wary of any shared ChatGPT or cloud links that show download prompts or installation instructions, as they are likely to be suspicious and usually contain user-generated content rather than official messages.
Widespread pattern of abusing AI sharing features to spread malware
The LLMShare campaign is part of a growing pattern of exploiting AI platform sharing features to spread malware. Push Security also observed attacks abusing cloud artifacts, a feature of Anthropic that enables sharing of rendered applications, to host ClickFix-style lures that trick users into executing malicious commands.
Earlier in 2026, threat actors used Google ads to direct users searching for cloud downloads to shared cloud conversations containing malicious installation instructions. Other campaigns misused shared ChatGPT and Grok conversations to carry out ClickFix attacks, impersonating legitimate software installation guides.
The main problem is that content shared through AI platforms appears to come from a trusted domain, even if it is completely controlled by the attackers. Users should treat the rendering feature as untrusted user-generated content rather than official platform messaging.
Anthropic and OpenAI have not publicly shared specific steps to address the misuse of their shared features in this campaign. Users should be wary of any download prompts coming through shared AI conversation links.
