Brief IA

ChatGPT and Claude: Shared Discussions and Malware

🤖 Models & LLM·Tom Levy·

ChatGPT and Claude: Shared Discussions and Malware

ChatGPT and Claude: Shared Discussions and Malware
Key Takeaways
1Cybercriminals are using shared discussions from ChatGPT and Claude to spread malware through trusted links.
2Victims access these discussions via paid search ads, thereby evading security tools.
3Push Security has identified fake guides and error pages to encourage the download of infected software.
💡Why it mattersThis attack method exploits users' trust in reputable platforms, making detection and prevention more challenging.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

The AI platforms ChatGPT and Claude are currently being exploited by cybercriminals to spread malware through their discussion-sharing features. These platforms allow users to share conversations via public URLs, a feature that is being misused to disseminate malicious software.

Victims are lured to these malicious discussions through paid search advertisements. These links, hosted on trusted domains, often evade the scrutiny of security tools, leading users to trust them.

Examples of the links used include:

  • hxxps://claude[.]ai/share/8e6401b5-4849-46c4-a3cb-29e1c3c49131
  • hxxps://chatgpt[.]com/s/cb_6a0f1e6bbec88191aa7fede27163f08d
  • de8c50e8ccd240ef9d10ec26c26eeb37a4d1cad7c1e0edf3bb6e5689ec2dde78

The security company Push Security revealed that attackers create shared discussions that mimic official outage notices or installation guides. A recent technique leverages ChatGPT's ability to render code to create a fake error page, prompting users to download an infected desktop application. On Claude, discussions appear as Apple support guides but contain malicious Terminal commands.

A notable example on Claude includes a fake download guide for "Claude Code," which is actually a malware vector. This attack method has been dubbed "LLMShare" by Push Security. Similar campaigns have been documented by BleepingComputer and Kaspersky.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.