Openew[.]app cloaked malware download portal

Malware Activity
Happening score: 14
1 unique source, 1 article

Summary

The openew[.]app portal is delivering macOS and Windows malware through a fake ChatGPT outage lure, putting searchers at risk of device compromise. Victims are redirected from a legitimate chatgpt.com/s/ shared page to a site that impersonates OpenAI's desktop app download flow. The portal also uses cloaking to hide malicious content from security review.

Related Happenings

LLMShare ChatGPT share-link malware lure campaign

Campaign
First: 29.05.2026 21:21 Last: 29.05.2026 21:21 Sources 1

How related: The "LLMShare" campaign, discovered by Push Security, uses Google ads to direct users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com, allowing the attack to be delivered through a legitimate OpenAI domain.

About this happening: The **LLMShare** campaign is using **Google ads** and a legitimate **chatgpt.com** shared page to route people searching for **ChatGPT** into a fake **OpenAI outage** lure that pu...

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

SHub Reaper macOS infostealer variant

Malware Activity
First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

Hugging Face shared-loader supply chain campaign

Campaign
First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....

OpenClaw fake installer GitHub campaign promoted by Bing AI

Campaign
First: 06.03.2026 00:37 Last: 06.03.2026 00:37 Sources 1

About this happening: A campaign from **last month** used **fake OpenClaw installers** on **GitHub** and **Bing AI**-promoted search results to push **malware loaders** and **infostealers** to people trying...

Latest development: 09.03.2026 20:31

A malicious npm package named @openclaw-ai/openclawai, uploaded on March 3, 2026, masquerades as an OpenClaw installer and uses a postinstall hook to launch scripts/setup.js, display a fake CLI and iCloud Keychain prompt, and fetch a second-stage payload from trackpipe[.]dev. The chain installs a persistent RAT internally identified as GhostLoader and steals macOS Keychain data, browser credentials, crypto wallets, SSH keys, Apple Notes, iMessage history, Safari history, and Mail data before exfiltrating a tar.gz archive through the C2 server, Telegram Bot API, and GoFile.io.

Timeline

  1. 29.05.2026 21:21 2 articles · 1h ago

    Push Security finds ChatGPT share links used to deliver openew[.]app malware downloads

    Initial Disclosure

    Security researchers at Push Security identify the LLMShare campaign abusing ChatGPT content-sharing links and Google ads to send searchers to a fake OpenAI outage page rendered through a legitimate chatgpt.com/s/ URL. Visitors who click the download prompt are redirected to openew[.]app, a cloaked site that impersonates OpenAI's desktop application download portal and offers macOS and Windows malware downloads.