BotBeat
...
← Back

> ▌

AnthropicAnthropic
INDUSTRY REPORTAnthropic2026-05-30

ChatGPT and Claude Exploited as Malware Delivery Platforms in New Attack Campaign

Key Takeaways

  • ▸Attackers are abusing shared conversation features on ChatGPT and Claude as delivery mechanisms for malware, exploiting the trust placed in legitimate AI platform domains
  • ▸New attack variants use ChatGPT's code rendering feature to create fully designed fake error pages hosted at chatgpt.com/s/ URLs that appear to be legitimate service notices
  • ▸The fake pages redirect users to convincing clones of ChatGPT's official download page that deliver malicious executables, completely bypassing URL reputation checks
Source:
Hacker Newshttps://pushsecurity.com/blog/llmshare-malvertising-campaign↗

Summary

Security researchers have discovered a sophisticated attack campaign targeting users of ChatGPT and Claude, exploiting the shared conversation features of both platforms to deliver malware. Attackers leverage the inherent trust users place in legitimate domains like chatgpt.com and claude.ai to bypass URL reputation checks, using social engineering tactics to trick victims into executing malicious commands or downloading compromised software. Recent variants have evolved to use ChatGPT's code rendering feature to create convincing fake error pages that mimic ChatGPT service disruptions, redirecting users to clones of the official download page that deliver infostealer malware targeting both macOS and Windows systems. The campaign, first documented by researchers at Kaspersky and Push Security, represents a new class of attacks known as InstallFix—a variant of ClickFix—that exploits the normalization of command-line installation workflows among users unfamiliar with distinguishing legitimate terminal commands from malicious ones.

  • Both macOS and Windows users are targeted with infostealer malware, with multiple variants documented including the AMOS (Atomic macOS Stealer) campaign
  • The attacks exploit the normalization of command-line installation workflows, targeting users who lack the technical experience to distinguish legitimate from malicious terminal commands

Editorial Opinion

This campaign exposes a critical vulnerability in the trust model that users place in AI platform domains. By hosting malicious content on chatgpt.com and claude.ai, attackers have weaponized the reputation and legitimacy these platforms have worked hard to build. As AI chatbots become increasingly central to user workflows, both OpenAI and Anthropic must implement stronger protections against abuse of content-sharing features, including better detection of malicious conversations and stricter controls on rendered code. The threat underscores a broader challenge: the more trusted and widely used a domain becomes, the more attractive it becomes as a target for attackers.

Generative AICybersecurityPrivacy & DataMisinformation & Deepfakes

More from Anthropic

AnthropicAnthropic
PRODUCT LAUNCH

Anthropic Launches Claude for Teachers with Free Premium Access and K-12 Ecosystem Integration

2026-07-14
AnthropicAnthropic
PARTNERSHIP

Hookami Brings YouTube Research Intelligence to Claude and ChatGPT via MCP

2026-07-14
AnthropicAnthropic
PARTNERSHIP

Anthropic Invests $10M in Canadian AI Research, Launches Partnerships with Leading Institutions

2026-07-14

Comments

Suggested

AnthropicAnthropic
PRODUCT LAUNCH

Anthropic Launches Claude for Teachers with Free Premium Access and K-12 Ecosystem Integration

2026-07-14
OpenAIOpenAI
PRODUCT LAUNCH

OpenAI Makes Bold Healthcare Push With New Products and Hospital Partnerships

2026-07-14
Tracebit ResearchTracebit Research
RESEARCH

Tracebit Researchers Introduce 'Context Bombs' to Halt Autonomous AI Agent Cyberattacks

2026-07-14
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us