Fake ChatGPT Desktop App Ads Spread Password-Stealing Malware Through AI-Linked Tricks
Security researchers have uncovered a new malware campaign in which attackers are abusing the popularity and trust of AI tools like ChatGPT to distribute password-stealing malware through fake desktop app downloads and manipulated AI-related workflows.
The campaign shows how cybercriminals are increasingly blending legitimate AI services with deceptive infrastructure to bypass security filters and trick users into installing malicious software.
Fake Ads and Trusted AI Links Used in Attack Chain
According to researchers, attackers ran sponsored Google search ads targeting high-volume queries such as “ChatGPT desktop app” and “ChatGPT download.” Users who clicked these ads were redirected to legitimate ChatGPT URLs, including chatgpt.com links.
Because the traffic initially went through trusted domains, many corporate security tools and firewalls failed to flag or block the activity.
Attackers then exploited AI-related page features to display a fake outage message inside the legitimate interface. This message falsely claimed that the web version was temporarily unavailable and instructed users to download a desktop application instead.
Redirection to Malware Delivery Sites
Users who followed the instructions were redirected to a lookalike domain designed to deliver malicious software for both Windows and macOS systems.
On macOS devices, the payload was identified as a variant of the Atomic macOS Stealer, known for stealing browser-saved passwords, cryptocurrency wallet data, and authentication session tokens.
Researchers also found that the malicious site used conditional rendering techniques. When accessed by automated scanners or security tools, it displayed a harmless-looking decoy site. However, real human users were shown the malware download page.
This allowed the campaign to evade detection systems that rely on automated scanning.
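One way a defender could look for the chain described above in web proxy logs, written as an added example that is not from the researchers' report: flag an installer download from an untrusted host that closely follows a visit to a trusted AI domain by the same user. The log format, the trusted-host list, the 10-minute window and all sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines (timestamp, user, URL); hosts and paths are placeholders.
SAMPLE_LOG = """\
2025-01-10T09:00:05 alice https://chatgpt.com/
2025-01-10T09:01:40 alice https://chatgpt.com.download.example/ChatGPT.dmg
2025-01-10T09:03:00 bob https://chatgpt.com/
2025-01-10T09:30:00 bob https://downloads.example.org/tool.exe
2025-01-10T10:00:00 carol https://chatgpt.com/
2025-01-10T10:02:00 carol https://openai.com/ChatGPT.dmg
"""

TRUSTED_HOSTS = ("chatgpt.com", "openai.com")      # assumption: org-maintained allowlist
INSTALLER_EXT = (".dmg", ".pkg", ".exe", ".msi")   # assumption: installer file types
WINDOW = timedelta(minutes=10)                     # assumption: correlation window


def is_trusted(host):
    """Match the domain itself or a true subdomain, never a lookalike prefix or suffix."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_HOSTS)


def find_suspect_downloads(log_text):
    """Return (user, host, url) for installer downloads from untrusted hosts
    that occur within WINDOW of the same user's visit to a trusted AI domain."""
    last_ai_visit = {}
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, url = line.split(maxsplit=2)
        ts = datetime.fromisoformat(ts_raw)
        parts = urlsplit(url)
        host = parts.hostname or ""
        if is_trusted(host):
            last_ai_visit[user] = ts
            continue
        is_installer = parts.path.lower().endswith(INSTALLER_EXT)
        seen = last_ai_visit.get(user)
        if is_installer and seen is not None and ts - seen <= WINDOW:
            hits.append((user, host, url))
    return hits


if __name__ == "__main__":
    for user, host, url in find_suspect_downloads(SAMPLE_LOG):
        print(f"review: {user} fetched {url} from {host} shortly after an AI-site visit")
```

Because the decoy behaviour described above defeats automated scanning of the download site, this check relies only on what real users' traffic looked like, not on re-fetching the URL.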
AI Content Abuse and Phishing via Summarization Features
Security researchers also highlighted a separate technique where attackers abuse how AI systems process web content.
In this method, malicious code is embedded in otherwise normal-looking webpages. When users ask an AI tool like ChatGPT to summarize the page, the system may retrieve and display attacker-controlled links, QR codes, or fake warnings directly inside the trusted AI interface.
This approach, sometimes referred to as AI-assisted phishing, takes advantage of user trust in AI-generated summaries and responses.
Growing Trend of AI Platform Abuse
Researchers warn that these attacks represent a broader shift in cybercrime tactics, where attackers increasingly exploit AI platforms not just as targets, but as part of the attack delivery chain.
By combining sponsored ads, trusted AI domains, conditional website behavior, and manipulated AI outputs, attackers are able to bypass traditional security layers while increasing the likelihood of user deception.
Security experts emphasize that users should be cautious when downloading software from search ads or following installation instructions that originate from AI-generated prompts or summaries.
As AI tools become more integrated into everyday workflows, researchers say these hybrid attack techniques are likely to become more common and more difficult to detect.