ChatGPT share links abused to host fake outage pages to deliver malware
According to BleepingComputer, attackers are abusing ChatGPT's content-sharing feature to create convincing fake outage pages. The pages mimic official OpenAI error messages and instruct users to download a 'ChatGPT desktop application' that is actually malware. This campaign leverages the trust users have in ChatGPT share links, which are typically used to share conversations. The malicious links are distributed via phishing emails and social media posts. Once downloaded, the malware can steal credentials, install backdoors, or deploy ransomware. OpenAI has not yet commented on the abuse. Users are advised to only download ChatGPT apps from official sources like OpenAI's website or authorized app stores.
Developers relying on ChatGPT must verify download sources to avoid malware disguised as updates.