# Malvertisers Use ChatGPT Share Links to Deliver Malware

> Source: <https://letsdatascience.com/news/malvertisers-use-chatgpt-share-links-to-deliver-malware-8b9df98c>
> Published: 2026-06-04 16:57:00.562233+00:00

Security researchers report a malvertising campaign that uses paid search ads to route victims to weaponized ChatGPT and AI-platform share pages delivering malware. Push Security disclosed on May 29, 2026 that attackers built pixel-perfect fake outage/download pages hosted on chatgpt.com/s/[id], and bought Google Ads for queries such as "ChatGPT download" to steer traffic to those share links (reported by TechTimes). The Cloud Security Alliance documented a parallel campaign abusing claude.ai share links to host macOS installation guides that run the **MacSync** infostealer, with initial identification attributed to Trendyol Group researcher Berk Albayrak (CSA research note, May 12, 2026). Evalian's SOC team also flagged a Windows-and-macOS campaign using convincing OpenAI branding and sponsored search results (ITSecurityNews). As of June 1, 2026, TechTimes reports neither OpenAI nor Anthropic had issued a public statement addressing the abuse.

### What happened

Security vendors and research groups documented multiple malvertising campaigns that weaponize AI-chat platforms' sharing features to deliver malware. Push Security disclosed a campaign on May 29, 2026 that hosts a fake ChatGPT outage/download page inside a legitimate chatgpt.com/s/[unique-id] share link and funnels users there via paid Google search ads targeting terms such as "ChatGPT" and "ChatGPT download" (reported by TechTimes). The Cloud Security Alliance published a research note on May 12, 2026 describing a related campaign that abused claude.ai share links to present fake macOS installation guides attributed to "Apple Support," delivering the **MacSync** infostealer; the CSA attributes first identification to Berk Albayrak of Trendyol Group and notes independent confirmation by BleepingComputer. ITSecurityNews/Evalian's SOC team reported a campaign using convincing OpenAI branding and sponsored search results to lure both Windows and macOS users.

### Technical details

Per the Cloud Security Alliance research note, the **MacSync** payload is delivered as a gzip-compressed shell script executed in memory and generated as a uniquely obfuscated variant on each request, a polymorphic delivery approach that evades file-hash detection and bypasses macOS Gatekeeper inspection of installed bundles. TechTimes reports that ChatGPT's sharing feature renders embedded HTML and CSS within share pages, which attackers exploited to build a pixel-perfect fake outage notice with a clickable download button; a "Show code" toggle on the share page exposes that the content is custom HTML rather than an official system message. Push Security and CSA both emphasize that because the malicious content resides on the platforms' own domains, URL-reputation signals and corporate web filters that rely on destination domains can be bypassed.

### Industry context

Editorial analysis: Industry reporting frames these incidents as part of a recurring pattern in which threat actors weaponize platform-level trust and user-facing features rather than exploiting software vulnerabilities. The CSA notes the technique echoes December 2025 incidents that used shared chats on ChatGPT and Grok to deliver the Atomic macOS Stealer, indicating a repeatable social-engineering method being ported across platforms. Observers in security operations will view in-memory, polymorphic delivery and the use of legitimate hosting domains as a significant escalation in malvertising sophistication.

### Impact for practitioners

Editorial analysis: Security teams should treat paid search-result vectors and trusted-platform share links as high-risk attack surfaces. Signal-based controls that depend primarily on destination-domain reputation will miss campaigns where the malicious content is hosted on legitimate service domains. Endpoint defenders and SOC analysts will need telemetry that surfaces anomalous in-memory script execution, post-execution network exfiltration to suspicious endpoints, and rapid polymorphic behavior rather than relying on static hashes.
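As an added example (not from the cited reports), the sketch below triages proxy logs by URL path and ad-click provenance instead of destination domain, which is the gap described above. The log layout, the `claude.ai/share/` path, the use of Google Ads click-ID parameters as the paid-search signal, and all function names are assumptions; the log rows are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# chatgpt.com/s/<id> is the share path named in the article; the claude.ai
# path is an assumption about that platform's share URLs.
SHARE_PATHS = {
    "chatgpt.com": re.compile(r"^/s/[^/]+/?$"),
    "claude.ai": re.compile(r"^/share/[^/]+/?$"),
}
# Assumption: paid-search arrival shows up as a Google Ads click ID on the
# landing URL or as an ad-redirect referrer.
AD_CLICK_PARAMS = {"gclid", "gbraid", "wbraid"}
AD_REFERRER_HOSTS = {"googleadservices.com", "www.googleadservices.com"}

# Constructed sample proxy log: timestamp user url referrer
SAMPLE_LOG = """\
2026-06-01T09:12:03Z alice https://chatgpt.com/s/EXAMPLE-ID-1?gclid=CONSTRUCTED https://www.google.com/
2026-06-01T09:14:40Z bob https://chatgpt.com/s/EXAMPLE-ID-2 -
2026-06-01T09:15:02Z carol https://chatgpt.com/c/EXAMPLE-CHAT -
2026-06-01T09:16:27Z dave https://claude.ai/share/EXAMPLE-ID-3 https://www.googleadservices.com/pagead/aclk
2026-06-01T09:17:00Z erin https://example.com/s/abc?gclid=CONSTRUCTED -
"""

def classify(url, referrer=""):
    """Return 'alert', 'review' or 'ignore' for one request."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    pattern = SHARE_PATHS.get(host)
    if pattern is None or not pattern.match(u.path):
        return "ignore"  # not a share page on a watched platform
    ref_host = (urlsplit(referrer).hostname or "").lower()
    via_ad = bool(AD_CLICK_PARAMS.intersection(parse_qs(u.query)))
    via_ad = via_ad or ref_host in AD_REFERRER_HOSTS
    # Share page reached from a paid ad: alert. Any other share page: review.
    return "alert" if via_ad else "review"

def scan(log_text):
    """Return (user, verdict, url) for every row that is not 'ignore'."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed rows
        _, user, url, referrer = fields
        verdict = classify(url, referrer)
        if verdict != "ignore":
            hits.append((user, verdict, url))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Share-page visits without ad provenance are left at `review` rather than dropped, since legitimate shared chats use the same paths.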

### What to watch

- Indicators of campaign expansion: similar abuse on other AI chat platforms' share features (CSA already documents claude.ai and prior ChatGPT/Grok incidents).
- Ad publisher telemetry: spikes in paid-search placements for keywords tied to popular AI tools or trusted services.
- In-memory execution and polymorphism: unique-obfuscation patterns and gzip-delivered scripts reported by CSA.
- Vendor responses: TechTimes reports that as of June 1, 2026 neither OpenAI nor Anthropic had issued a public statement about the abuse; watchers should track formal mitigations or changes to sharing/rendering behavior.

### Reported sources and attributions

This summary synthesizes reporting from TechTimes (Push Security disclosure, June 1, 2026), Cloud Security Alliance research note (May 12, 2026), and ITSecurityNews/Evalian SOC reporting (June 4, 2026).

## Scoring Rationale

The campaign escalates malvertising by hosting weaponized pages on trusted AI-platform domains and using polymorphic in-memory payloads, which materially raises detection and response complexity for defenders. Multiple vendors and research groups independently reported the technique, making it broadly relevant to security and incident-response teams.

