Full Report
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]
Analysis Summary
# Tool/Technique: LLMShare (ChatGPT Content-Sharing Abuse)
## Overview
This technique involves abusing the legitimate "shared link" feature of Large Language Models (LLMs)—specifically ChatGPT—to host malicious lures. Threat actors use the platform's ability to render custom HTML and CSS to create fake system outage notifications. This allows the attacker to host a phishing lure on a trusted domain (`chatgpt.com`), bypassing many security filters that rely on domain reputation.
## Technical Details
- **Type**: Technique / Social Engineering Vector
- **Platform**: Cross-platform (Windows and macOS payloads identified)
- **Capabilities**: Domain reputation hijacking, HTML/CSS rendering abuse, user redirection, and cloaking.
- **First Seen**: May 2024 (Reported by Push Security)
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
  - [T1566.002 - Phishing: Spearphishing Link]
  - [T1583.003 - Acquire Infrastructure: Web Domains] (Abuse of legitimate SaaS domains)
- **[TA0002 - Execution]**
  - [T1204.001 - User Execution: Malicious Link]
  - [T1204.002 - User Execution: Malicious File]
- **[TA0005 - Defense Evasion]**
  - [T1564 - Hide Artifacts] (Cloaking to hide malicious content from scanners)
  - [T1497 - Virtualization/Sandbox Evasion] (Payload checks for VM environments)
## Functionality
### Core Capabilities
- **Reputation Hijacking**: Leverages the high trust score of `chatgpt.com` to deliver malicious content.
- **Dynamic Rendering**: Uses ChatGPT’s features to render a fake "Outage" UI that looks like an official OpenAI maintenance page.
- **Traffic Redirection**: Includes call-to-action buttons (e.g., "Download Desktop App") that redirect victims to attacker-controlled domains.
### Advanced Features
- **Cloaking**: The secondary landing page (e.g., `openew[.]app`) detects the visitor's nature. It serves a benign website to automated scanners (like URLScan) while serving the malware downloader to live human targets.
- **Environment Awareness**: The downloaded malware executes commands to detect Sandbox/Virtual Machine environments to prevent analysis.
## Indicators of Compromise
- **File Hashes**:
  - **SHA256 (macOS)**: `7e5b708f6659b1fad3aae7b589a706434fbf21708aeec5af5910189b96e25fef`
  - **SHA256 (Windows)**: `641526a22667a527290aac8c2c0358265d85c83318a7caca7cff28cecc2dbc16`
- **File Names**: `ChatGPT_Desktop_Setup.exe` (or similar variants)
- **Network Indicators**:
  - `openew[.]app` (Malicious landing page)
  - `chatgpt[.]com/s/[unique_id]` (Legitimate but abused sharing URLs)
- **Behavioral Indicators**: Execution of system commands to check for virtualization or debugging environments upon initial launch.
## Associated Threat Actors
- Unknown (Current campaigns are attributed to generic "threat actors" specializing in malvertising and infostealers).
## Detection Methods
- **Signature-based detection**: Update EDR/Antivirus definitions with the SHA256 hashes listed above.
- **Behavioral detection**: Monitor for browser-spawned processes attempting to run virtualization-check commands (e.g., `systeminfo`, `wmic`, or registry queries for CPU/Disk identifiers).
- **Network-level**: Flag or block traffic to known cloaking domains like `openew[.]app`.
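
The behavioral detection above, sketched as an added example (not code from the report or from any vendor): it walks parent-process links in process-creation events and alerts when `systeminfo`, `wmic`, or `reg query` has a browser in its ancestry. The event field names (`pid`, `ppid`, `image`, `cmdline`), the browser list, and the sample events are assumptions constructed for illustration, modeled on process-creation telemetry.

```python
import ntpath

# Assumed browser image names; extend for the browsers in your fleet.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

def is_vm_check(image, cmdline):
    """True for the check commands the report names: systeminfo, wmic, reg query."""
    name = ntpath.basename(image).lower()
    if name == "reg.exe":
        return "query" in cmdline.lower().split()  # ignore reg add/delete
    return name in {"systeminfo.exe", "wmic.exe"}

def lineage_from_browser(pid, procs, max_depth=8):
    """Walk parent links upward from pid; return the browser-to-pid chain, or None."""
    chain, seen = [], set()
    while pid in procs and pid not in seen and len(chain) < max_depth:
        seen.add(pid)  # guards against loops caused by PID reuse
        chain.append(ntpath.basename(procs[pid]["image"]))
        if chain[-1].lower() in BROWSERS:
            return chain[::-1]
        pid = procs[pid]["ppid"]
    return None

def detect(events):
    """Return one alert per VM-check command that descends from a browser."""
    procs, alerts = {}, []
    for ev in events:  # events are assumed to arrive in creation order
        procs[ev["pid"]] = ev
        if is_vm_check(ev["image"], ev["cmdline"]):
            chain = lineage_from_browser(ev["ppid"], procs)
            if chain:
                alerts.append({"pid": ev["pid"], "cmdline": ev["cmdline"],
                               "lineage": chain + [ntpath.basename(ev["image"])]})
    return alerts

# Constructed sample events (not taken from the report).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 50, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "cmdline": "chrome.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\u\Downloads\ChatGPT_Desktop_Setup.exe", "cmdline": "ChatGPT_Desktop_Setup.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\systeminfo.exe", "cmdline": "systeminfo"},
    {"pid": 401, "ppid": 300, "image": r"C:\Windows\System32\reg.exe", "cmdline": r"reg query HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0"},
    {"pid": 402, "ppid": 300, "image": r"C:\Windows\System32\reg.exe", "cmdline": r"reg add HKCU\Software\Example /v x /d 1"},
    {"pid": 500, "ppid": 50, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe"},
    {"pid": 501, "ppid": 500, "image": r"C:\Windows\System32\systeminfo.exe", "cmdline": "systeminfo"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS): print(a["pid"], " > ".join(a["lineage"]))
```

An installer opened from Explorer instead of the browser's download list has no browser ancestor, so this check complements the hash and network indicators and does not replace them.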
## Mitigation Strategies
- **User Education**: Inform users that OpenAI does not require a desktop application to bypass "high traffic" outages and that they should only download software from official app stores or the primary website.
- **Ad-Blocking**: Implement enterprise-grade ad-blocking to prevent "Sponsored" malicious results from appearing in search engines.
- **Strict Software Inventory**: Use AppLocker or similar tools to prevent the execution of unidentified installers in the `%DOWNLOADS%` or `%TEMP%` directories.
## Related Tools/Techniques
- **ClickFix**: A similar social engineering technique that tricks users into running PowerShell commands to "fix" a browser or document error.
- **Claude Artifacts Abuse**: A similar technique using Anthropic’s Claude platform to host malicious content.
- **SEO Poisoning / Malvertising**: The broader method of using paid ads to promote malicious links.