Push Security — LLMShare Campaign Abuses ChatGPT & Claude Share Links for Malware
AI relevance: LLM platforms' content-sharing features are being weaponized as zero-reputation attack infrastructure — the same trust model that makes ChatGPT and Claude useful for collaboration now makes them ideal malware delivery vehicles that bypass corporate web filters.
What's happening
Push Security has uncovered a live malvertising campaign dubbed LLMShare that exploits the content-sharing features of ChatGPT and Claude to distribute malware from domains that every URL reputation system considers trustworthy.
- Attackers purchase Google ads targeting users searching for ChatGPT; clicking the ad leads to a shared ChatGPT page on a legitimate chatgpt.com/s/ URL
- Instead of a real conversation, the page renders a fake OpenAI outage notice claiming the web version is unavailable and directing users to download a "desktop app"
- The download link points to openew[.]app, a cloaked site impersonating OpenAI's download portal; URL scanners see a benign AR/VR company landing page instead
- The downloaded macOS and Windows binaries install malware (likely infostealers based on earlier similar campaigns)
- Push Security also observed LLMShare variants on Claude, where shared conversations disguised as "Apple Support" guides for installing Claude Code instruct users to run malicious curl commands
- This follows earlier 2026 campaigns abusing Claude Artifacts and shared Grok conversations for ClickFix-style attacks
- The core problem: AI platform sharing features produce content on trusted domains, making traditional phishing detection and web filtering useless against these lures
Why it matters
This is not a bug — it's a structural weakness in how LLM platforms handle user-generated shared content. The same rendering capability that lets developers share interactive demos also lets attackers host convincing phishing pages on chatgpt.com. Every AI platform that offers shareable, custom-rendered content is now a potential attack infrastructure provider.
What to do
- Block or flag shared AI platform URLs (chatgpt.com/s/, Claude share links) in web proxy and email security policies
- Train users to never download software from a shared ChatGPT or Claude page, regardless of how official it looks
- AI platforms should add visible watermarks and origin indicators distinguishing platform messages from user-rendered content
- Advise developers to bookmark official download pages and never click sponsored search ads for software downloads
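
One way to act on the first recommendation above, as an added example that is not from Push Security or the original article: a proxy-log check that flags an installer download from a non-allowlisted host shortly after the same user viewed a shared AI page. The log format, sample entries, allowlist, 10-minute window and the claude.ai/share/ prefix are assumptions; only chatgpt.com/s/ comes from the article.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# chatgpt.com/s/ is the prefix named in the article; the Claude prefix is an assumption.
SHARE_PREFIXES = ("chatgpt.com/s/", "claude.ai/share/")
INSTALLER_EXTS = (".dmg", ".pkg", ".exe", ".msi")
# Assumption: hosts your organisation treats as official download sources.
ALLOWED_DOWNLOAD_HOSTS = {"chatgpt.com", "openai.com", "claude.ai"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample proxy log, one entry per line: "<ISO timestamp> <user> <url>"
SAMPLE_LOG = """\
2026-01-10T09:00:12 alice https://chatgpt.com/s/EXAMPLE-SHARE-ID
2026-01-10T09:01:40 alice https://downloads.example.net/ChatGPT-Desktop.dmg
2026-01-10T09:02:00 bob https://chatgpt.com/s/EXAMPLE-SHARE-ID-2
2026-01-10T09:30:00 bob https://tools.example.org/setup.exe
2026-01-10T10:00:00 carol https://tools.example.org/editor.msi
"""

def is_share_url(url):
    """True when host + path begins with a shared-content prefix."""
    p = urlsplit(url)
    host = (p.hostname or "").removeprefix("www.")
    return (host + p.path).startswith(SHARE_PREFIXES)

def is_untrusted_installer(url):
    """True for an installer file type served by a host outside the allowlist."""
    p = urlsplit(url)
    host = p.hostname or ""
    trusted = any(host == h or host.endswith("." + h) for h in ALLOWED_DOWNLOAD_HOSTS)
    return p.path.lower().endswith(INSTALLER_EXTS) and not trusted

def correlate(log_text):
    """Return (user, share_url, download_url) for each installer fetched from a
    non-allowlisted host within WINDOW of the same user's share-page visit."""
    last_share, alerts = {}, []  # last_share: user -> (timestamp, share_url)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        stamp, user, url = line.split(maxsplit=2)
        ts = datetime.fromisoformat(stamp)
        if is_share_url(url):
            last_share[user] = (ts, url)
        elif is_untrusted_installer(url) and user in last_share:
            seen, share_url = last_share[user]
            if ts - seen <= WINDOW:
                alerts.append((user, share_url, url))
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print("ALERT", *alert)
```

The Claude variant described above delivers its payload through pasted curl commands rather than a browser download, so it needs endpoint command-line telemetry and is outside what this proxy-log check can see.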