Attackers abuse shared ChatGPT and Claude chats to spread malware

Cybercriminals are exploiting shared chat links from ChatGPT and Claude to trick users into downloading malware. By creating fake, convincing conversations that appear as legitimate shared links, attackers lure victims into clicking malicious downloads. The threat targets anyone who uses these AI chatbots for research or collaboration, and the attacks have already been observed in the wild.

How the Attack Works

Attackers generate a shared chat link on ChatGPT or Claude that mimics a useful conversation — for example, a troubleshooting guide or a code snippet. The chat itself may even contain normal-looking text. But embedded within that chat is a malicious download prompt or a link to a file hosted on a legitimate cloud service.

The critical twist: The shared chat appears genuine because it comes from the actual AI platform’s domain (chatgpt.com or claude.ai). Users see a trusted URL and let their guard down.

Once the victim clicks the download, the file delivers malware, often an information stealer or a remote access trojan (RAT). The malware can then harvest credentials, cryptocurrency wallets, or other sensitive data.

Key Warning: A shared chat link from ChatGPT or Claude does not guarantee safety. Attackers can embed any URL or file inside the conversation, and the platform’s reputation makes the link appear trustworthy.

Why Shared Chats Are So Dangerous

Shared chats are designed for collaboration — users copy a link and send it to others. This social engineering vector is nearly identical to phishing via shared documents (Google Docs, Dropbox). But there are additional risks:

  • No preview or sandboxing: The shared chat opens directly in the browser. Users have no way to inspect the content before clicking a download link.
  • Platform trust is weaponized: Because the link comes from an AI tool many people rely on, victims assume the content is safe.
  • Malware can be disguised as expected file types: Attackers often name downloads as “report.pdf” or “script.py” but the actual payload is a .exe or .scr file.
  • Conversations can be crafted to include urgent calls to action: “Open the attached file to see the fix” or “Download the updated data now” — typical phishing triggers.

How to Protect Yourself

Do not click download links inside shared chats unless you independently verify the sender. Even if the link comes from a trusted colleague, confirm via another channel (phone, email, Slack message) that they intentionally sent it.

Check the URL carefully. A legitimate shared chat on ChatGPT looks like https://chatgpt.com/share/... and on Claude like https://claude.ai/chat/.... But attackers may use lookalike domains. Always pay attention to the domain name.
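The host check described above can be automated. The following is an added example, not part of the original article: it assumes the two hosts and path prefixes exactly as written above, and the sample links (IDs and `.example` hosts) are constructed. A pass confirms only where the chat is hosted, since a genuine shared chat can still contain a malicious link.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Hosts and path prefixes exactly as the article gives them (assumed complete).
SHARE_PREFIXES = {"chatgpt.com": "/share/", "claude.ai": "/chat/"}

def check_share_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason); ok=True confirms the host and path only, not the chat content."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "non-ASCII or punycode host (possible homograph)"
    if host not in SHARE_PREFIXES:
        for real in SHARE_PREFIXES:
            if real in host:
                return False, f"lookalike: '{real}' appears inside '{host}'"
        return False, f"'{host}' is not a listed chat platform"
    if not parts.path.startswith(SHARE_PREFIXES[host]):
        return False, "real host, but not a shared-chat path"
    return True, "host and path match; links inside the chat are still unverified"

# Constructed sample links (IDs and .example hosts are made up for illustration).
SAMPLES = [
    "https://chatgpt.com/share/abc123",
    "https://claude.ai/chat/abc123",
    "https://chatgpt.com@files.example/share/abc123",
    "https://chatgpt.com.files.example/share/abc123",
    "https://ch\u0430tgpt.com/share/abc123",  # Cyrillic 'a' in place of Latin 'a'
    "http://claude.ai/chat/abc123",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_share_url(link)
        print(f"{'OK  ' if ok else 'FLAG'} {link!r}: {reason}")
```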

Use endpoint security software that can block malicious downloads. Additionally, avoid running downloaded files unless you are absolutely certain of their origin.

Enable two-factor authentication on your AI account — though this won’t prevent the malware delivery, it can limit account takeover if your credentials are stolen.

What Platforms Are Doing

OpenAI and Anthropic have not publicly commented on this specific abuse vector at the time of reporting. However, both platforms allow users to report suspicious shared chats. The burden of protection currently falls on the user.

Bottom Line: Treat any unsolicited link — even one from an AI chatbot — as a potential phishing attempt. Verify before you click.
