{"slug": "attackers-abuse-shared-chatgpt-and-claude-chats-to-spread-malware", "title": "Attackers abuse shared ChatGPT and Claude chats to spread malware", "summary": "Attackers are exploiting shared chat links on ChatGPT and Claude to distribute malware, using paid search ads to lure victims to malicious conversations hosted on the platforms' trusted domains. Security firm Push Security reports that the attackers craft fake outage notices or install guides, with one technique using ChatGPT's code-rendering feature to display a full fake error page that prompts users to download infected software. The campaign, dubbed \"LLMShare,\" bypasses security tools because the malicious links reside on legitimate domains, increasing the likelihood of user trust and infection.", "body_md": "# Attackers abuse shared ChatGPT and Claude chats to spread malware\n\n**Attackers are exploiting shared chat links in ChatGPT and Claude to push malware.** Both platforms let users share conversations publicly via URL. Victims stumble onto these chats through paid search ads. Because the links sit on trusted domains, security tools don't flag them, and users are more likely to trust what they see.\n\nIndicator |\nType |\n|---|---|\n| hxxps://claude[.]ai/share/8e6401b5-4849-46c4-a3cb-29e1c3c49131 | URL |\n| hxxps://chatgpt[.]com/s/cb_6a0f1e6bbec88191aa7fede27163f08d | URL |\n| openew[.]app | domain |\n| de8c50e8ccd240ef9d10ec26c26eeb37a4d1cad7c1e0edf3bb6e5689ec2dde78 | SHA256 |\n\nSecurity firm [Push Security](https://pushsecurity.com/blog/llmshare-malvertising-campaign) says attackers craft shared chats that mimic official outage notices or install guides. One newer twist uses ChatGPT's code-rendering feature to build a full fake error page right inside a shared chat, then pushes users to download an infected desktop app. On Claude, shared chats pose as Apple support walkthroughs laced with malicious Terminal commands.\n\nPush Security calls the attack technique \"LLMShare.\" [BleepingComputer](https://www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-claudeai-chats-to-push-mac-malware/) and [Kaspersky](https://www.kaspersky.com/blog/share-chatgpt-chat-clickfix-macos-amos-infostealer/54928/) have both documented similar campaigns.\n\n```\nAI News Without the Hype – Curated by Humans\n\n\t\t\t\t\tSubscribe to THE DECODER for ad-free reading, a weekly AI newsletter, our exclusive \"AI Radar\" frontier report six times a year, full archive access, and access to our comment section.\t\t\t\t\n\n\t\t\t\t\tSubscribe now\n```\n\n[Push Security](https://pushsecurity.com/blog/llmshare-malvertising-campaign)", "url": "https://wpnews.pro/news/attackers-abuse-shared-chatgpt-and-claude-chats-to-spread-malware", "canonical_source": "https://the-decoder.com/attackers-abuse-shared-chatgpt-and-claude-chats-to-spread-malware/", "published_at": "2026-05-30 10:32:22+00:00", "updated_at": "2026-05-30 11:11:00.064804+00:00", "lang": "en", "topics": ["artificial-intelligence", "large-language-models", "ai-safety", "ai-products", "ai-tools"], "entities": ["ChatGPT", "Claude", "Push Security", "BleepingComputer", "Kaspersky", "LLMShare", "Apple", "Mac"], "alternates": {"html": "https://wpnews.pro/news/attackers-abuse-shared-chatgpt-and-claude-chats-to-spread-malware", "markdown": "https://wpnews.pro/news/attackers-abuse-shared-chatgpt-and-claude-chats-to-spread-malware.md", "text": "https://wpnews.pro/news/attackers-abuse-shared-chatgpt-and-claude-chats-to-spread-malware.txt", "jsonld": "https://wpnews.pro/news/attackers-abuse-shared-chatgpt-and-claude-chats-to-spread-malware.jsonld"}}