ChatGPT and Claude Exploited as Malware Delivery Platforms in New Attack Campaign

Key Takeaways

▸Attackers are abusing shared conversation features on ChatGPT and Claude as delivery mechanisms for malware, exploiting the trust placed in legitimate AI platform domains
▸New attack variants use ChatGPT's code rendering feature to create fully designed fake error pages hosted at chatgpt.com/s/ URLs that appear to be legitimate service notices
▸The fake pages redirect users to convincing clones of ChatGPT's official download page that deliver malicious executables, completely bypassing URL reputation checks

Source:

Hacker Newshttps://pushsecurity.com/blog/llmshare-malvertising-campaign↗

Summary

Security researchers have discovered a sophisticated attack campaign targeting users of ChatGPT and Claude, exploiting the shared conversation features of both platforms to deliver malware. Attackers leverage the inherent trust users place in legitimate domains like chatgpt.com and claude.ai to bypass URL reputation checks, using social engineering tactics to trick victims into executing malicious commands or downloading compromised software. Recent variants have evolved to use ChatGPT's code rendering feature to create convincing fake error pages that mimic ChatGPT service disruptions, redirecting users to clones of the official download page that deliver infostealer malware targeting both macOS and Windows systems. The campaign, first documented by researchers at Kaspersky and Push Security, represents a new class of attacks known as InstallFix—a variant of ClickFix—that exploits the normalization of command-line installation workflows among users unfamiliar with distinguishing legitimate terminal commands from malicious ones.

Both macOS and Windows users are targeted with infostealer malware, with multiple variants documented including the AMOS (Atomic macOS Stealer) campaign
The attacks exploit the normalization of command-line installation workflows, targeting users who lack the technical experience to distinguish legitimate from malicious terminal commands

Editorial Opinion

This campaign exposes a critical vulnerability in the trust model that users place in AI platform domains. By hosting malicious content on chatgpt.com and claude.ai, attackers have weaponized the reputation and legitimacy these platforms have worked hard to build. As AI chatbots become increasingly central to user workflows, both OpenAI and Anthropic must implement stronger protections against abuse of content-sharing features, including better detection of malicious conversations and stricter controls on rendered code. The threat underscores a broader challenge: the more trusted and widely used a domain becomes, the more attractive it becomes as a target for attackers.

ChatGPT and Claude Exploited as Malware Delivery Platforms in New Attack Campaign

Key Takeaways

▸Attackers are abusing shared conversation features on ChatGPT and Claude as delivery mechanisms for malware, exploiting the trust placed in legitimate AI platform domains
▸New attack variants use ChatGPT's code rendering feature to create fully designed fake error pages hosted at chatgpt.com/s/ URLs that appear to be legitimate service notices
▸The fake pages redirect users to convincing clones of ChatGPT's official download page that deliver malicious executables, completely bypassing URL reputation checks

Summary

Both macOS and Windows users are targeted with infostealer malware, with multiple variants documented including the AMOS (Atomic macOS Stealer) campaign
The attacks exploit the normalization of command-line installation workflows, targeting users who lack the technical experience to distinguish legitimate from malicious terminal commands

Editorial Opinion

This campaign exposes a critical vulnerability in the trust model that users place in AI platform domains. By hosting malicious content on chatgpt.com and claude.ai, attackers have weaponized the reputation and legitimacy these platforms have worked hard to build. As AI chatbots become increasingly central to user workflows, both OpenAI and Anthropic must implement stronger protections against abuse of content-sharing features, including better detection of malicious conversations and stricter controls on rendered code. The threat underscores a broader challenge: the more trusted and widely used a domain becomes, the more attractive it becomes as a target for attackers.

ChatGPT and Claude Exploited as Malware Delivery Platforms in New Attack Campaign

Key Takeaways

Summary

Editorial Opinion

More from Anthropic

AI-Generated Film 'Dreams of Violets' Makes Historic Tribeca Premiere

CVE-Bench: New Benchmark Tests Whether AI Can Actually Fix Real-World Security Vulnerabilities

Study Exposes 37 Dark Patterns Exploiting Users in AI Chatbots from OpenAI, Google, Anthropic, Meta, and Others

Comments

Suggested

Using LLMs to Accelerate Open Source Rewrites: Architect's CRIU-in-Zig Project Demonstrates AI's Impact on Infrastructure Modernization

Apple and Google Strike Deal to Bring Gemini-Powered Siri to iPhone

Microsoft Launches Copilot Health, AI-Powered Medical Data Assistant

ChatGPT and Claude Exploited as Malware Delivery Platforms in New Attack Campaign

Key Takeaways

Summary

Editorial Opinion

More from Anthropic

AI-Generated Film 'Dreams of Violets' Makes Historic Tribeca Premiere

CVE-Bench: New Benchmark Tests Whether AI Can Actually Fix Real-World Security Vulnerabilities

Study Exposes 37 Dark Patterns Exploiting Users in AI Chatbots from OpenAI, Google, Anthropic, Meta, and Others

Comments

Suggested

Using LLMs to Accelerate Open Source Rewrites: Architect's CRIU-in-Zig Project Demonstrates AI's Impact on Infrastructure Modernization

Apple and Google Strike Deal to Bring Gemini-Powered Siri to iPhone

Microsoft Launches Copilot Health, AI-Powered Medical Data Assistant