LLMShare ChatGPT share-link malware lure campaign
Campaign
Summary
Hide ▲
Show ▼
The LLMShare campaign is using Google ads and a legitimate chatgpt.com shared page to route people searching for ChatGPT into a fake OpenAI outage lure that pushes a malicious download. The operation abuses trust in the real domain to increase click-through and hide the handoff to a malware-delivery site. Similar abuse of Claude Artifacts suggests the same AI-sharing tactic is being reused across multiple platforms.
Related Happenings
OpenAI ChatGPT Atlas BioShocking fix
Advisory/Mitigation
H score34
First: 01.07.2026 00:50
Last: 01.07.2026 00:50
Sources 1
About this happening:
OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...
OpenAI ChatGPT Atlas BioShocking fix
Advisory/MitigationAbout this happening: OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...
IPhone AI chatbot traffic leak of API keys, replayable tokens, and open relays
Technical Analysis
H score27
First: 30.06.2026 16:49
Last: 30.06.2026 16:49
Sources 1
About this happening:
**LLMKeyLens** testing found **444 iPhone AI chatbot apps** leaking **paid AI access**, exposing **API keys**, **replayable tokens**, and **open relays** that let others bill mode...
IPhone AI chatbot traffic leak of API keys, replayable tokens, and open relays
Technical AnalysisAbout this happening: **LLMKeyLens** testing found **444 iPhone AI chatbot apps** leaking **paid AI access**, exposing **API keys**, **replayable tokens**, and **open relays** that let others bill mode...
OpenAI ChatGPT Lockdown Mode rollout limits prompt-injection exfiltration paths
Security Tool/Service
H score10
First: 06.06.2026 16:36
Last: 06.06.2026 16:36
Sources 1
About this happening:
**OpenAI ChatGPT** is rolling out **Lockdown Mode** for eligible personal accounts, reducing the risk of **prompt-injection-driven data exfiltration**. The update adds stricter li...
OpenAI ChatGPT Lockdown Mode rollout limits prompt-injection exfiltration paths
Security Tool/ServiceAbout this happening: **OpenAI ChatGPT** is rolling out **Lockdown Mode** for eligible personal accounts, reducing the risk of **prompt-injection-driven data exfiltration**. The update adds stricter li...
OpenAI Codex codexui-android supply-chain token theft campaign
Campaign
H score48
First: 01.06.2026 12:31
Last: 01.06.2026 12:31
Sources 1
About this happening:
A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
OpenAI Codex codexui-android supply-chain token theft campaign
CampaignAbout this happening: A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
ChatGPT and Claude phishing and malvertising campaign
Campaign
H score36
First: 01.06.2026 12:30
Last: 01.06.2026 12:30
Sources 1
About this happening:
The **ChatGPT**- and **Claude**-themed **phishing and malvertising campaign** is actively steering users to fake download pages that can deliver malware. Attackers are using **Goo...
ChatGPT and Claude phishing and malvertising campaign
CampaignAbout this happening: The **ChatGPT**- and **Claude**-themed **phishing and malvertising campaign** is actively steering users to fake download pages that can deliver malware. Attackers are using **Goo...
Timeline
-
29.05.2026 21:21 2 articles · 1mo ago
LLMShare campaign abuses ChatGPT share links to deliver malware
Initial DisclosurePush Security identified the LLMShare campaign using Google ads to steer people searching for ChatGPT to a shared chatgpt.com/s page that renders a fake OpenAI outage notice and prompts a desktop-app download. The download button leads to openew[.]app, which impersonates OpenAI's desktop application portal and offers macOS and Windows malware downloads; the page is rendered through ChatGPT itself using custom HTML and CSS.
Show sources
- ChatGPT share links abused to host fake outage pages to deliver malware — www.bleepingcomputer.com — 29.05.2026 21:21
- ChatGPT share links abused to host fake outage pages to deliver malware — www.bleepingcomputer.com — 29.05.2026 21:21