A threat campaign named LLMShare, identified by Push Security, abuses ChatGPT’s conversation sharing feature to host fake OpenAI outage pages on the legitimate chatgpt.com domain, delivering infostealer malware to victims who reach the pages through Google Ads-sponsored search results.
How LLMShare Weaponizes ChatGPT’s Share Feature to Host Malware on chatgpt.com
ChatGPT’s sharing feature allows users to generate publicly accessible links at chatgpt.com/s/ that display conversation content to anyone with the URL. LLMShare threat actors exploit this by constructing shared conversations whose rendered output mimics an official OpenAI service outage page, with messaging such as “We’re experiencing high traffic right now.” The pages are hosted on the legitimate chatgpt.com domain — not a lookalike or typosquatted domain — which bypasses URL-based security controls and browser reputation warnings that would block third-party malicious domains.
Google Ads as the LLMShare Distribution Channel: Reaching Victims Through Trusted Search Results
Push Security identified Google Ads-sponsored results as the primary distribution mechanism for LLMShare malicious links. Users searching for ChatGPT or related terms encounter sponsored results that appear in the trusted ad positions at the top of search results and direct them to the chatgpt.com/s/ shared links. Because both the ad placement and the destination domain appear legitimate, victims have limited cues to recognize the attack before reaching the fake outage page.
Infostealer Payload Targets Windows and macOS With VM Detection
The fake outage pages prompt visitors to download a purported ChatGPT desktop application. Both Windows and macOS installer variants have been identified; each delivers infostealer malware that includes virtual machine detection, allowing it to avoid executing in sandboxed analysis environments. Push Security characterized LLMShare as part of a growing pattern of attackers using trusted AI platform sharing features to carry malicious content past enterprise security tooling that operates on domain reputation rather than content analysis.
Enterprise Implications of LLMShare: AI Platform Sharing Features as an Attack Surface
LLMShare demonstrates that the act of hosting content on a trusted domain — through a legitimate platform feature — can neutralize domain-based security controls. Security tooling that allows chatgpt.com unconditionally will not flag LLMShare links, because they are genuinely hosted there. Organizations that rely on URL reputation and domain allowlisting as a primary security layer face a structural gap that LLMShare directly exploits. Push Security’s finding raises questions about whether enterprise security policies for AI platform access need to account for the sharing features of those platforms, not just the platforms themselves.
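A path-aware triage over proxy logs, as an added example (not code from Push Security or the original article): it treats chatgpt.com/s/ share links as their own category instead of inheriting the domain's allow verdict, and raises priority when the same user fetches an installer shortly afterwards. The log layout, the 10-minute window, the installer extensions and every sample URL are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions (not from the article): log field layout, the 10-minute window,
# and the installer extensions used to spot a follow-on download.
SHARE_HOSTS = {"chatgpt.com"}
INSTALLER_EXTS = (".exe", ".msi", ".dmg", ".pkg")
WINDOW = timedelta(minutes=10)

# Constructed sample proxy log, one event per line: "timestamp user url"
SAMPLE_LOG = """\
2025-01-01T09:00:00 alice https://chatgpt.com/
2025-01-01T09:01:00 bob https://chatgpt.com/s/EXAMPLE-SHARE-ID
2025-01-01T09:03:30 bob https://downloads.example.net/ChatGPT-Setup.exe
2025-01-01T09:05:00 carol https://chatgpt.com/s/EXAMPLE-SHARE-ID-2
2025-01-01T10:30:00 carol https://files.example.org/tool.dmg
2025-01-01T11:00:00 dave https://CHATGPT.com/s/EXAMPLE-SHARE-ID-3?x=1
"""

def is_share_link(url):
    """True for shared-conversation URLs (chatgpt.com/s/...) on the real domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host in SHARE_HOSTS and parts.path.startswith("/s/")

def is_installer(url):
    """True when the URL path ends in one of the assumed installer extensions."""
    return urlsplit(url).path.lower().endswith(INSTALLER_EXTS)

def triage(log_text):
    """Return (user, share_url, download_url_or_None) for each share-link visit."""
    events = []
    for line in log_text.splitlines():
        ts, user, url = line.split(maxsplit=2)
        events.append((datetime.fromisoformat(ts), user, url))
    events.sort()
    findings = []
    for i, (ts, user, url) in enumerate(events):
        if not is_share_link(url):
            continue
        # First installer fetched by the same user inside the window, if any.
        follow = next((u for t, who, u in events[i + 1:]
                       if who == user and t - ts <= WINDOW and is_installer(u)), None)
        findings.append((user, url, follow))
    return findings

if __name__ == "__main__":
    for user, share, dl in triage(SAMPLE_LOG):
        print("HIGH" if dl else "REVIEW", user, share, dl or "-")
```

A domain allowlist would pass all six sample lines; this triage surfaces the three share-link visits and marks the one followed by an installer download as high priority.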
