Attackers Using ChatGPT and Claude to Deliver Malware via Shared Pages
Key Takeaways
- Attackers exploit the inherent trust in the ChatGPT.com and Claude.ai domains to bypass URL reputation security checks, hosting malware delivery pages on legitimate platforms
- The attack has evolved from simple terminal command sharing to sophisticated fake web pages built with ChatGPT's code rendering feature, which convincingly mimic legitimate service pages
- Both macOS and Windows users are targeted; payloads include infostealers such as AMOS, and the campaign is actively delivered via malvertising and SEO poisoning
Summary
Security researchers have uncovered an active malware campaign exploiting the shared conversation features of AI chatbot platforms, including ChatGPT and Claude. Attackers create malicious content on these trusted domains and drive traffic through malvertising and SEO poisoning, bypassing URL reputation checks. The latest variant uses ChatGPT's code rendering feature to create fake service disruption pages that redirect to malware downloads, evolving beyond earlier techniques that relied on social engineering with terminal commands.
This attack technique, identified as a variant of InstallFix attacks, exploits the normalization of command-line installation workflows among users who cannot readily distinguish legitimate commands from malicious ones. Shared Claude.ai conversations have been disguised as installation guides with fake Apple Support attribution, while parallel campaigns used ChatGPT conversations to deliver the AMOS infostealer. The current campaign remains active and generates ongoing detections, though users of affected security solutions are protected.
- The technique exploits user unfamiliarity with terminal commands and the normalization of command-line workflows in AI tool adoption
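Because domain-level reputation passes these pages, detection has to look at the path and at how the user arrived. The sketch below is an added example, not code from the researchers or from either platform. It assumes shared conversations live under `/share/<id>` on both hosts, that proxy log entries are available as (URL, referrer) pairs, and that the listed referrer domains and click-ID parameters are a reasonable signal for search or ad arrival.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts and path layout used for shared conversations.
SHARE_HOSTS = ("chatgpt.com", "claude.ai")
SHARE_PATH = re.compile(r"^/share/[\w-]+/?$")
# Assumption: referrers and click-ID parameters indicating search or ad arrival.
SEARCH_AD_REFERRERS = ("google.com", "bing.com", "duckduckgo.com",
                       "googleadservices.com", "doubleclick.net")
AD_CLICK_PARAMS = {"gclid", "msclkid"}

def _in(host, domains):
    # Exact or subdomain match only, so chatgpt.com.evil.example does not match.
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(url, referrer=""):
    """Return 'alert', 'review' or 'allow' for one proxy log entry."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not _in(host, SHARE_HOSTS) or not SHARE_PATH.match(parts.path):
        return "allow"  # not a shared page on a trusted AI chat domain
    ref_host = (urlsplit(referrer).hostname or "").lower()
    via_ad_param = bool(AD_CLICK_PARAMS & set(parse_qs(parts.query)))
    if via_ad_param or _in(ref_host, SEARCH_AD_REFERRERS):
        return "alert"   # shared page reached from a search result or an ad click
    return "review"      # shared page, arrival path unknown or internal

def scan(entries):
    """Return (verdict, url) for every entry that is not 'allow'."""
    hits = [(classify(u, r), u) for u, r in entries]
    return [h for h in hits if h[0] != "allow"]

# Constructed sample log entries: (requested URL, referrer).
SAMPLE_LOG = [
    ("https://chatgpt.com/share/constructed-id-0001", "https://www.google.com/search?q=x"),
    ("https://claude.ai/share/constructed-id-0002?gclid=constructed", ""),
    ("https://claude.ai/share/constructed-id-0003", "https://intranet.example/wiki"),
    ("https://chatgpt.com/", "https://www.bing.com/"),
]

if __name__ == "__main__":
    for verdict, url in scan(SAMPLE_LOG):
        print(verdict, url)
```

A hit is a triage signal rather than a verdict on the page; pairing it with endpoint telemetry for a terminal or installer launched shortly after the visit narrows it further.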
Editorial Opinion
This attack reveals a critical vulnerability in AI platform architecture: features designed for legitimate knowledge-sharing become vectors for sophisticated social engineering. The fact that malware successfully routes through trusted domains like ChatGPT.com and Claude.ai underscores the urgent need for these platforms to enhance monitoring of user-generated content and implement stricter verification of shared pages.


