Forensic Summary
Threat actors are exploiting ChatGPT's legitimate content-sharing infrastructure to host convincing fake outage pages that trick users into downloading malware disguised as a ChatGPT desktop application. The 'LLMShare' campaign abuses chatgpt.com/s/ shared links to render attacker-crafted HTML within a trusted OpenAI domain, bypassing traditional phishing detection that relies on suspicious URL analysis. The attack chain combines Google ad abuse, domain cloaking, and AI platform misuse to deliver what are likely infostealer payloads.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/llmshare-campaign-weaponises-chatgpt-sharing-feature-to-distribute-malware/
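One way to hunt for this pattern in web proxy logs, as an added example that is not from the original article: it flags users who open a chatgpt.com/s/ shared link and then fetch an installer-type file from a host outside a trusted list within a short window. The log layout, extension list, trusted-host list, 10-minute window and every sample log line are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions (not from the article): tune these to your environment.
INSTALLER_EXTS = (".exe", ".msi", ".dmg", ".pkg", ".zip")
TRUSTED_SUFFIXES = ("chatgpt.com", "openai.com")  # hosts you accept installers from
WINDOW = timedelta(minutes=10)

# Constructed sample proxy log, one event per line: "ISO-timestamp user url"
SAMPLE_LOG = """\
2025-01-10T09:00:05 alice https://chatgpt.com/s/EXAMPLE-SHARE-ID
2025-01-10T09:01:40 alice https://downloads.example.net/ChatGPT-Setup.exe
2025-01-10T09:02:00 bob https://chatgpt.com/c/EXAMPLE-CHAT-ID
2025-01-10T09:03:00 bob https://files.example.org/tool.msi
2025-01-10T10:00:00 carol https://chatgpt.com/s/EXAMPLE-SHARE-ID
2025-01-10T10:30:00 carol https://downloads.example.net/ChatGPT-Setup.exe
2025-01-10T11:00:00 dave https://chatgpt.com/s/EXAMPLE-SHARE-ID
2025-01-10T11:01:00 dave https://cdn.openai.com/app/installer.dmg
"""

def is_trusted(host):
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def is_share_link(url):
    u = urlsplit(url)
    return (u.hostname or "").lower() == "chatgpt.com" and u.path.startswith("/s/")

def find_suspect_downloads(log_text):
    """Return (user, share_url, download_url) for installer downloads from
    untrusted hosts that follow a shared-link visit within WINDOW."""
    last_share = {}  # user -> (time, url) of most recent /s/ visit
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, user, url = parts
        when = datetime.fromisoformat(ts)
        u = urlsplit(url)
        if is_share_link(url):
            last_share[user] = (when, url)
        elif u.path.lower().endswith(INSTALLER_EXTS) and not is_trusted(u.hostname):
            seen = last_share.get(user)
            if seen and timedelta(0) <= when - seen[0] <= WINDOW:
                hits.append((user, seen[1], url))
    return hits
```

A hit is a triage lead rather than a verdict: the trusted domain in the first URL is exactly why the download host and the file itself need the scrutiny.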