Mac users have reported that macOS's built-in malware blocker, XProtect, flagged the ChatGPT desktop app as malware and moved it to the Trash, according to reporting from MacTrast and Forbes. MacTrast cites an OpenAI blog post explaining that OpenAI replaced the macOS notarization certificate after "a security issue involving a third-party developer tool, Axios," and that older app builds that predate the new certificate are no longer notarized. Malwarebytes reports a separate but related threat: a convincing fake download site, openew[.]app, has been distributing Windows credential stealers and a macOS strain named Odyssey Stealer to users who download non-official installers. MacTrast and OpenAI note that reinstalling or updating the ChatGPT app from OpenAI's official download page (or the Microsoft Store for Windows) restores a notarized, launchable app. Editorial analysis: This incident combines legitimate notarization changes and active adversary impersonation, creating both false-positive blocking and real malware risk for users.
What happened
Mac users reported that macOS flagged the ChatGPT desktop app as malware and automatically moved the app to the Trash, per reporting from MacTrast and coverage summarized by Forbes. MacTrast attributes the behavior to macOS's XProtect system, which enforces notarization-based checks on macOS applications. According to an OpenAI blog post quoted by MacTrast, OpenAI changed the security certificate used to notarize its macOS applications after identifying "a security issue involving a third-party developer tool, Axios," and OpenAI warned users to update macOS apps by May 8, 2026 to retain notarization.
Technical details (reported)
Malwarebytes reports a separate campaign that uses a convincing impersonation site, openew[.]app, to serve fake ChatGPT installers; the site presents OpenAI-style branding and delivers platform-specific payloads when users click download. Malwarebytes's technical analysis states that the Windows payload is a credential stealer distributed as Chat_GPT.exe, while the macOS download is a disk image containing ChatGpt.dmg that installs Odyssey Stealer, a fork of the Atomic Stealer (AMOS) family. Malwarebytes reports the macOS malware targets browser passwords, cookies, Telegram sessions, and cryptocurrency wallets, and attempts to trojanize Ledger and Trezor wallet apps.
What OpenAI reported (reported fact)
OpenAI's blog post, cited by MacTrast, included a direct statement: "We recently identified a security issue involving a third-party developer tool, Axios, that was part of a widely reported, broader industry incident," and said it was updating certificates and instructing macOS users to install updated app builds. MacTrast summarizes OpenAI's guidance that updating via in-app updates or the official download links will restore notarization and allow macOS to run the app normally.
Industry context
Editorial analysis: Notarization and code-signing are primary defense mechanisms on macOS, and when a vendor changes signing certificates it can produce transient false positives from platform protections. Observers in the security community also note that attackers commonly exploit user demand and search-engine advertising to push fake installers, making impersonation sites an ongoing distribution vector for credential theft and cryptographic-wallet compromise.
Practical implications for practitioners and users
Editorial analysis: For practitioners supporting end users, this episode highlights two distinct but related risks: legitimate app updates that alter notarization can trigger platform defenses and user confusion, while adversaries leverage that confusion with lookalike domains and trojanized installers. Organizations that deploy desktop clients at scale should verify vendor update notices through primary channels and prefer managed distribution (MDM, official app stores, or verified enterprise installers) to reduce exposure to poisoned search results and ad-based impersonation.
What to watch
Editorial analysis: Observers should track three indicators: vendor notices about certificate or signing changes; reports of widespread XProtect or Gatekeeper false positives; and new takedowns or detection signatures for domains like openew[.]app. Security teams will also watch for expanded malware functionality beyond credential theft, and for copycat domains that reuse the same branding and social engineering hooks.
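One way a security team could watch for copycat downloads is to flag ChatGPT-branded installers fetched from hosts outside an allowlist. This Python example is added here and is not from MacTrast, Malwarebytes or OpenAI. It assumes a proxy log of "timestamp user URL" lines and an allowlist you set from the vendor's own notice; the log lines, hosts and paths are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: hosts your organisation accepts as official download sources.
OFFICIAL_SUFFIXES = ("openai.com", "chatgpt.com")
INSTALLER_EXTS = (".exe", ".msi", ".dmg", ".pkg", ".zip")
BRAND = "chatgpt"

def is_official(host):
    """Exact or true-subdomain match, so 'openai.com.lookalike.example' fails."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)

def branded_installer(filename):
    """True for installer files whose name, minus punctuation, contains the brand."""
    name = filename.lower()
    if not name.endswith(INSTALLER_EXTS):
        return False
    stem = re.sub(r"[^a-z0-9]", "", name.rsplit(".", 1)[0])
    return BRAND in stem  # matches Chat_GPT.exe, ChatGpt.dmg, chat-gpt.pkg

def flag_downloads(log_lines):
    """Return (timestamp, user, host, filename) for branded installers from unofficial hosts."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        ts, user, url = parts[:3]
        u = urlsplit(url)
        host = u.hostname or ""
        filename = unquote(u.path).rsplit("/", 1)[-1]  # decode %5F etc. first
        if branded_installer(filename) and not is_official(host):
            hits.append((ts, user, host, filename))
    return hits

# Constructed sample proxy log (not real traffic, hosts or paths).
SAMPLE_LOG = [
    "2026-05-01T09:12:03Z alice https://openai.com/constructed/ChatGPT.dmg",
    "2026-05-01T09:14:47Z bob https://lookalike.example/dl/Chat_GPT.exe",
    "2026-05-01T09:20:10Z carol https://openai.com.lookalike.example/ChatGpt.dmg",
    "2026-05-01T09:31:55Z dave https://files.example.org/report.pdf",
    "2026-05-01T09:40:02Z erin https://mirror.example.net/get/Chat%5FGPT.exe?src=ad",
]

if __name__ == "__main__":
    for hit in flag_downloads(SAMPLE_LOG):
        print(hit)
```
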
Takeaway (reported + analysis)
Reported sources (MacTrast and Malwarebytes) show two simultaneous issues: OpenAI's certificate change caused macOS notarization failures for older ChatGPT builds, and a malicious site openew[.]app distributed genuine malware by impersonating ChatGPT downloads. Editorial analysis: The intersection of legitimate update churn and active impersonation campaigns increases both false-positive user friction and real compromise risk, so validation of download sources and managed distribution remain the most reliable mitigations.
Scoring Rationale
This story is a notable security incident that combines a legitimate notarization change with active malware distribution, directly affecting desktop users and defenders. The item is timely but not a frontier-shifting event, and original reporting is more than three days old, reducing immediacy.