Fake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware

Security researchers have identified multiple campaigns abusing trusted AI platforms (ChatGPT, Claude) to trick users into installing malware and to render attacker-controlled phishing content inside AI interfaces: the LLMShare "InstallFix" campaign uses sponsored search ads and fake outage pages to serve Odyssey Stealer and other payloads, ChatGPhish causes AI summarization flows to surface live phishing links and QR codes inside the assistant UI, and developer-focused techniques (SymJack, TrustFall) enable malicious repository-driven command approvals and configuration overwrites—these methods have led to large-scale credential theft and evasion of typical security inspection, prompting advice to avoid sponsored ads and use official vendor domains for updates.