Hackers Exploit ChatGPT to Spread Malware via Fake Outage Pages and Google Ads
June 1, 2026
Attackers are abusing ChatGPT's content-sharing features to spread malware: they create fake outage pages that prompt users to download a malicious desktop application, and use Google ads to steer users to seemingly authentic domains.
The campaign uses trusted-looking destinations (chatgpt.com or claude.ai) and relies on AI branding to avoid suspicion, illustrating a broader abuse of collaboration tools to host malware and defeat security controls.
This abuse is part of a wider pattern where attackers exploit trusted platforms and relationships, including similar tactics seen with Anthropic’s Claude Artifacts, to reach more victims.
If a system is compromised, recommended recovery steps include signing out, changing passwords, rotating API keys, securing cryptocurrency, monitoring accounts, reinstalling the OS, and involving IT security teams.
The installers employ anti-analysis techniques such as VM and sandbox checks and may deploy credential-stealing software, remote access trojans, or info-stealers targeting passwords, cookies, wallets, and tokens.
The Windows and macOS payloads differ economically: the Windows payload uses commodity credential stealers and droppers, while the macOS payload (AMOS) targets cryptocurrency theft and wallet manipulation, which justifies a higher price and ROI.
The attack deploys distinct monetization goals per platform—Windows focuses on broad credential theft, macOS on high-value crypto theft through wallet replacement.
In terms of operational economics, the Windows setup is low-cost, whereas the macOS AMOS component commands higher prices due to its crypto-theft focus.
CISOs are urged to treat trusted AI services and collaboration tools as potential attack surfaces, since attackers exploit relationships and dependencies, not just technical flaws.
Defenses include using official download channels, strengthening brand protection, improving legitimacy of sources, guiding users away from unofficial download pages, and rotating credentials.
Additional guidance emphasizes official sources (OpenAI site or Microsoft Store), auditing security settings, and reinstalling the OS if infection occurs.
OpenAI and Anthropic have not publicly disclosed mitigation steps, underscoring the need for user caution when encountering download prompts from shared AI conversations.
Summary based on 7 sources
Sources

LinkedIn • Jun 1, 2026
Threat Actors Exploit ChatGPT To Spread Malware Through Fake OpenAI Outage Pages
Security Boulevard • May 28, 2026
Fake ChatGPT download site infects Windows and Mac users with malware
Security Boulevard • Jun 1, 2026
Threat Actors Abuse ChatGPT Chats to Host Fake Outage Page, Deliver Malware