ChatGPT share links abused to host fake outage pages to deliver malware

ID: b9f8c8b7-ee57-5f07-8325-48ba225eae9c

STIX ID: report--b9f8c8b7-ee57-5f07-8325-48ba225eae9c

Feed Name: Bleeping Computer

Threat Score: 72/100

Date Published: 2026-05-29

Date Updated: 2026-05-29

Author: Lawrence Abrams

Researchers discovered the "LLMShare" campaign where attackers use Google ads to send users to ChatGPT shared pages that render fake outage notices on legitimate chatgpt.com URLs; those pages instruct victims to download a desktop app from a malicious site (openew.app) that installs malware. The attackers leverage platform rendering, "Show code/Remix" features, cloaking to evade scanners, and previously observed techniques that distributed infostealers and ClickFix-style lures.