Published on May 30, 2026
ChatGPT share links abused to host fake outage pages to deliver malware
Severity
Medium
Detail
Threat actors are abusing ChatGPT’s public share-link feature to host fake OpenAI outage pages on a legitimate chatgpt.com/s/ URL. The campaign, called LLMShare by Push Security, used Google ads to target users searching for ChatGPT and redirected them to a shared ChatGPT page that displayed a fake message claiming the web version was unavailable and asking users to download the desktop app.
How?
The attack worked in several stages. First, the attacker exploited the vulnerable Marimo service to execute commands on the host. Next, they searched common locations for sensitive files, including environment variables, AWS credentials, SSH keys, PostgreSQL configuration files, and other secrets. After obtaining AWS credentials, they accessed AWS APIs and retrieved an SSH private key from AWS Secrets Manager. The attacker then used this key to connect to a downstream bastion server, moved deeper into the internal environment, discovered PostgreSQL database access details, enumerated the database schema, and dumped sensitive tables. The LLM agent helped by interpreting command output, choosing the next action, suppressing unnecessary errors, and adjusting the attack flow dynamicallyThe attacker creates a custom HTML/CSS page rendered inside ChatGPT’s shared-content feature, making the lure appear to come from a trusted OpenAI domain rather than attacker infrastructure. When the victim clicks the fake download button, they are redirected to openew[.]app, a fake ChatGPT desktop download site; the site reportedly uses cloaking, showing benign content to scanners while serving Windows and macOS malware downloads to targeted victims.
Conclusion
This attack is dangerous because it abuses trust in legitimate AI platform domains, not just fake lookalike domains. For SOC monitoring, treat sponsored “ChatGPT download” ads, unexpected chatgpt.com/s/ outage pages, fake desktop app prompts, and redirects to non-OpenAI download domains as suspicious; users should download ChatGPT only from official OpenAI channels or verified app stores.
Source