LLMShare ChatGPT share-link malware lure campaign
Campaign
Summary
The LLMShare campaign is using Google ads and a legitimate chatgpt.com shared page to route people searching for ChatGPT into a fake OpenAI outage lure that pushes a malicious download. The operation abuses trust in the real domain to increase click-through and hide the handoff to a malware-delivery site. Similar abuse of Claude Artifacts suggests the same AI-sharing tactic is being reused across multiple platforms.
Related Happenings
Openew[.]app cloaked malware download portal
Malware Activity
First: 29.05.2026 21:21
Last: 29.05.2026 21:21
Sources 1
How related:
The website offers both macOS [VirusTotal] and Windows [VirusTotal] downloads that install malware on devices.
About this happening:
The **openew[.]app** portal is delivering **macOS** and **Windows** malware through a fake **ChatGPT** outage lure, putting searchers at risk of device compromise. Victims are red...
OpenAI ChatGPT renderer Markdown link/image phishing security flaw
Vulnerability
First: 29.05.2026 21:07
Last: 29.05.2026 21:07
Sources 1
About this happening:
**ChatGPT** has a **response-renderer vulnerability** that turns summarized third-party pages into **live phishing links** and auto-fetched **attacker-hosted images** inside the t...
GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy
Malware Activity
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...
SHub Reaper macOS infostealer variant
Malware Activity
First: 19.05.2026 00:42
Last: 19.05.2026 00:42
Sources 1
About this happening:
The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...
CRESCENTHARVEST Windows RAT and info-stealer activity
Malware Activity
First: 19.02.2026 10:13
Last: 19.02.2026 10:13
Sources 1
About this happening:
The **CRESCENTHARVEST** malware activity centers on **version.dll**, a **Windows RAT and information stealer** that can execute commands, log keystrokes, and exfiltrate data. It m...
Timeline
- 29.05.2026 21:21 · 2 articles · 1h ago
LLMShare campaign abuses ChatGPT share links to deliver malware
Initial Disclosure
Push Security identified the LLMShare campaign using Google ads to steer people searching for ChatGPT to a shared chatgpt.com/s page that renders a fake OpenAI outage notice and prompts a desktop-app download. The download button leads to openew[.]app, which impersonates OpenAI's desktop application portal and offers macOS and Windows malware downloads; the page is rendered through ChatGPT itself using custom HTML and CSS.
Sources:
- ChatGPT share links abused to host fake outage pages to deliver malware — www.bleepingcomputer.com — 29.05.2026 21:21