BotBeat
...
← Back

> ▌

OpenAIOpenAI
RESEARCHOpenAI2026-05-31

Attackers Using ChatGPT and Claude to Deliver Malware via Shared Pages

Key Takeaways

  • ▸Attackers exploit the inherent trust in ChatGPT.com and Claude.ai domains to bypass URL reputation security checks, hosting malware delivery pages on legitimate platforms
  • ▸The attack has evolved from simple terminal command sharing to sophisticated fake web pages using ChatGPT's code rendering feature, creating convincing mimics of legitimate service pages
  • ▸Both macOS and Windows users are targeted, with malware variants including infostealers like AMOS actively delivering threats via malvertising and SEO poisoning
Source:
Hacker Newshttps://pushsecurity.com/blog/llmshare-malvertising-campaign↗

Summary

Security researchers have uncovered an active malware campaign exploiting the shared conversation features of AI chatbot platforms, including ChatGPT and Claude. Attackers create malicious content on these trusted domains and drive traffic through malvertising and SEO poisoning, bypassing URL reputation checks. The latest variant uses ChatGPT's code rendering feature to create fake service disruption pages that redirect to malware downloads, evolving beyond earlier techniques that relied on social engineering with terminal commands.

This attack technique, identified as a variant of InstallFix attacks, exploits the normalization of command-line installation workflows among users unfamiliar with distinguishing legitimate from malicious commands. Shared Claude.ai conversations have been disguised as installation guides with fake Apple Support attribution, while parallel campaigns used ChatGPT conversations to deliver the AMOS infostealer. The current campaign remains active and generates ongoing detections, though users of affected security solutions are protected.

  • The technique exploits user unfamiliarity with terminal commands and the normalization of command-line workflows in AI tool adoption

Editorial Opinion

This attack reveals a critical vulnerability in AI platform architecture: features designed for legitimate knowledge-sharing become vectors for sophisticated social engineering. The fact that malware successfully routes through trusted domains like ChatGPT.com and Claude.ai underscores the urgent need for these platforms to enhance monitoring of user-generated content and implement stricter verification of shared pages.

Generative AICybersecurityPrivacy & DataMisinformation & Deepfakes

More from OpenAI

OpenAIOpenAI
PRODUCT LAUNCH

OpenAI Launches Codex Micro: A Hardware Control Pad for Managing AI Agents

2026-07-15
OpenAIOpenAI
PRODUCT LAUNCH

OpenAI Launches First Branded Hardware: The Codex Micro Keyboard

2026-07-15
OpenAIOpenAI
POLICY & REGULATION

Name Mix-Up in Apple Lawsuit Reveals OpenAI Did Respond to Trade Secret Concerns

2026-07-15

Comments

Suggested

AnthropicAnthropic
FUNDING & BUSINESS

Anthropic to IPO as Early as October

2026-07-15
Thinking Machines LabThinking Machines Lab
OPEN SOURCE

Thinking Machines Releases 975B-Parameter Open-Weights Multimodal Model

2026-07-15
IBMIBM
PRODUCT LAUNCH

IBM Launches Power S1112 Edge Server and Autonomous Infrastructure Suite for Enterprise AI Deployment

2026-07-15
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us