Hackers Use Shared ChatGPT and Claude Links to Spread Malware

Key Takeaways

- Attackers create shared ChatGPT and Claude chats that mimic official support pages to distribute malware
- Security tools don't flag these links because they come from trusted domains like chatgpt.com and claude.ai
- Victims find these malicious shared chats through paid search ads

Trusted Domains, Dangerous Content

Both ChatGPT and Claude let users share their conversations publicly through a simple URL. It's a useful feature for collaboration. It's also a security gap that attackers are now exploiting.
Security firm Push Security has documented a new attack technique they call 'LLMShare.' The premise is simple: create a shared chat on a trusted AI platform, fill it with malicious content disguised as legitimate help, and promote it through paid search ads.
When victims click these ads and land on chatgpt.com or claude.ai, they see a familiar interface. The URL looks legitimate. Their browser's security warnings stay silent. Why would anyone suspect a link to OpenAI or Anthropic's own domains?

How the Attacks Work

Push Security has identified several variations of this attack. The most common approach involves shared chats that mimic official outage notices or software installation guides.
One particularly clever variant abuses ChatGPT's code-rendering feature. Attackers build a full fake error page right inside a shared chat. The rendered code looks like an official error message, complete with a download button for an 'updated' desktop app. That app contains malware.

On Claude, attackers take a different approach. Shared chats pose as Apple support walkthroughs. They include Terminal commands that users are instructed to copy and paste. Those commands install malware.
Both BleepingComputer and Kaspersky have documented similar campaigns, suggesting this technique is spreading among threat actors.

Why Security Tools Miss These Attacks

Traditional security tools rely heavily on domain reputation. Links to known malicious domains get blocked. Links to chatgpt.com and claude.ai pass through without scrutiny.
This creates a blind spot. The malicious content lives on the same domain as legitimate AI conversations. There's no file attachment to scan. No executable to flag. Just text, code snippets, and instructions that lead users to download malware from elsewhere.
The psychology works in the attackers' favor too. Users have been trained to trust content from major tech companies. A support guide on claude.ai feels official even when it isn't.

Known Indicators of Compromise

Push Security has published specific indicators that security teams can use to detect these attacks:
- Malicious Claude share URL: hxxps://claude[.]ai/share/8e6401b5-4849-46c4-a3cb-29e1c3c49131
- Malicious ChatGPT share URL: hxxps://chatgpt[.]com/s/cb_6a0f1e6bbec88191aa7fede27163f08d
- Malicious domain: openew[.]app
- Malware SHA256: de8c50e8ccd240ef9d10ec26c26eeb37a4d1cad7c1e0edf3bb6e5689ec2dde78

What Organizations Can Do

Blocking shared chat URLs entirely isn't practical for most organizations. Employees legitimately share AI conversations for work purposes.
A more targeted approach involves monitoring for shared chat links that arrive via paid search ads. If an employee lands on a ChatGPT or Claude share link from a Google ad, that's suspicious. Legitimate shared chats typically come through direct messages, emails from known contacts, or internal documentation.
Security awareness training should also evolve. Employees need to understand that a trusted domain doesn't mean trusted content. Anyone can create a shared chat and put anything in it.
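
The ad-arrival check described above, as an added Python example that is not from Push Security or the original article: it flags visits to shared-chat URLs that carry an ad click ID or an ad-redirector referrer, and also matches the share IDs listed under Known Indicators of Compromise. The tab-separated log format, the ad referrer host list and the function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Share-link path prefixes per host; /share/ and /s/ are the forms seen in the IoCs on this page.
SHARE_PREFIXES = {"claude.ai": ("/share/",), "chatgpt.com": ("/s/", "/share/")}
# Click IDs that Google Ads and Microsoft Advertising append to landing URLs.
AD_CLICK_PARAMS = {"gclid", "gbraid", "wbraid", "msclkid"}
# Referrer hosts of ad click redirectors (assumed list; extend for your ad networks).
AD_REFERRER_HOSTS = ("googleadservices.com", "doubleclick.net")
# Share identifiers from the indicator list on this page.
KNOWN_BAD_IDS = {"8e6401b5-4849-46c4-a3cb-29e1c3c49131", "cb_6a0f1e6bbec88191aa7fede27163f08d"}

def _host(url):
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")

def classify(url, referrer=""):
    """Return the reasons a visit to a shared chat looks ad-driven or known-bad."""
    parts = urlsplit(url)
    prefixes = SHARE_PREFIXES.get(_host(url))
    if not prefixes or not parts.path.startswith(prefixes):
        return []  # not a shared-chat URL on a monitored host
    reasons = []
    if parts.path.rstrip("/").rsplit("/", 1)[-1] in KNOWN_BAD_IDS:
        reasons.append("known-ioc")
    if AD_CLICK_PARAMS.intersection(parse_qs(parts.query)):
        reasons.append("ad-click-param")
    ref = _host(referrer)
    if any(ref == h or ref.endswith("." + h) for h in AD_REFERRER_HOSTS):
        reasons.append("ad-referrer")
    return reasons

def scan(log_lines):
    """Parse 'user<TAB>url<TAB>referrer' lines; return (user, url, reasons) for flagged visits."""
    hits = []
    for line in log_lines:
        user, url, referrer = (line.rstrip("\n").split("\t") + ["", ""])[:3]
        reasons = classify(url, referrer)
        if reasons:
            hits.append((user, url, reasons))
    return hits

# Constructed sample log lines (not real traffic); the share IDs here are placeholders.
SAMPLE = [
    "alice\thttps://claude.ai/share/00000000-0000-0000-0000-000000000001?gclid=EXAMPLE\thttps://www.google.com/",
    "bob\thttps://chatgpt.com/s/cb_placeholder\thttps://www.googleadservices.com/pagead/aclk",
    "carol\thttps://claude.ai/share/00000000-0000-0000-0000-000000000002\thttps://mail.example.com/",
    "dave\thttps://chatgpt.com/?gclid=EXAMPLE\t",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Neither ad signal is guaranteed to be present, since click-ID tagging can be turned off and referrers can be stripped, so a visit that is not flagged is inconclusive rather than clean.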

Frequently Asked Questions

Can I tell if a shared ChatGPT or Claude link is malicious?
Not easily. The links look identical to legitimate shared conversations. Be suspicious of any shared chat that asks you to download software, run Terminal commands, or enter credentials. Especially if you found it through a search ad.
Are OpenAI and Anthropic doing anything about this?
Neither company has announced specific countermeasures yet. The challenge is distinguishing between legitimate shared chats and malicious ones at scale, since the content itself determines the intent.
Should my company block shared AI chat links?
Blanket blocking isn't practical since shared chats have legitimate uses. Focus instead on monitoring how employees reach these links. Shared chats from search ads should raise red flags.
What malware is being distributed through these attacks?
Push Security has identified at least one specific malware sample linked to these campaigns; its SHA256 hash is listed under Known Indicators of Compromise above. The malware typically arrives as a fake desktop app download.
Why don't antivirus tools catch these attacks?
The malicious instructions live on trusted domains that security tools don't block. The actual malware download happens separately, and by then the user has been socially engineered to trust the process.
Source: The Decoder / Matthias Bastian
Manaal Khan
Tech & Innovation Writer