https://pushsecurity.com/blog/llmshare-malvertising-campaign
Threat actors have found a novel way to abuse ChatGPT’s conversation sharing feature, using publicly accessible share links to host convincing fake outage pages designed to deceive unsuspecting users. The technique takes advantage of the legitimate ChatGPT platform’s credibility, allowing attackers to craft and distribute malicious content through shared conversation links that appear authentic at first glance. Security researchers identified the campaign as a particularly deceptive method of social engineering, given that the links originate from OpenAI’s own domain, making them harder for users and security tools to flag as suspicious.
The fake outage pages are designed to mimic legitimate service disruption notifications, prompting visitors to download what appears to be a fix or update, which in reality delivers malware to the victim’s device. By leveraging a trusted and widely recognised platform like ChatGPT, attackers significantly increase the likelihood that targets will interact with the malicious content without hesitation. The campaign highlights a growing trend of cybercriminals exploiting popular AI platforms as delivery mechanisms for malware, capitalising on the rapid mainstream adoption of these tools.