Weaponized ChatGPT Sites Deliver Malware via Sponsored Search

Marcus Rodriguez
June 4, 2026

Leveraging ChatGPT’s immense popularity, a new malvertising campaign promotes a weaponized fake download site via sponsored search results, delivering malware to both Windows and macOS users.

Security researchers from Evalian’s SOC team identified the operation, which leverages convincing OpenAI branding and search engine ads to lure users actively seeking legitimate AI tools.

The campaign centers around a malicious domain, openew[.]app, designed to closely mimic an official ChatGPT download page.

Victims are presented with multiple download options, including Windows, macOS, and a Chrome extension.

While the browser extension redirects to a legitimate listing to build trust, the Windows and macOS installers deliver trojanized payloads.

OpenAI Branded Fake Website (Source: Evalian)

The domain is newly registered via Namecheap and resolves to IP address 144[.]172[.]104[.]205, which is hosted on RouterHosting infrastructure, a provider frequently observed in short-lived malicious campaigns.

The Windows payload, distributed as Chat_GPT.exe (SHA256: 56CC26E88C064B0C423AA8AD6530E58F91D1E4D28FAB1A8BCEDEF16A6582B4D2), uses an Inno Setup installer to deploy an Electron-based application.

Despite appearing legitimate, the binary contains inconsistencies, including mismatched metadata and a code-signing certificate issued to an unrelated entity, F.F.A.P. Hurkmans Beheer B.V.

Fake ChatGPT Site Spreads Malware via Ads

This highlights a common tactic where valid signatures are abused to bypass user suspicion without guaranteeing software legitimacy.

Static analysis reveals that the application bundles a Chromium-based runtime with an obfuscated JavaScript payload stored in the app.asar file.

A large script, identified as winter.js, contains heavily obfuscated logic that uses encoded strings and dynamic execution patterns, making straightforward analysis difficult.

The application includes Node.js modules such as child_process, fs, and systeminformation, indicating capabilities for system reconnaissance, file manipulation, and command execution.

Legitimate Chrome Extension (Source: Evalian)

Dynamic analysis shows the malware employs CAPTCHA-based gating before executing its core functionality, a technique designed to evade automated sandbox detection.

Once the user completes the CAPTCHA, the malware spawns multiple PowerShell processes with execution flags such as “-ExecutionPolicy Unrestricted,” suggesting staged payload delivery in which commands are injected at runtime rather than embedded statically.

According to Evalian’s SOC team, the malware creates a Chromium-style profile in %AppData%\Satoshi to maintain persistence and store data such as cookies and cache files.

This behavior, combined with event-driven execution, indicates that the malware delays its primary actions until specific user interactions occur, further complicating detection.

Interestingly, the embedded network configurations reference legitimate DNS-over-HTTPS services such as Cloudflare and Google, thereby blending malicious traffic into normal encrypted DNS traffic.

This approach helps obscure command-and-control communications and evade traditional network monitoring tools.

The macOS variant (SHA256: 7E5B708F6659B1FAD3AAE7B589A706434FBF21708AEEC5AF5910189B96E25FEF) remained largely undetected by antivirus engines at the time of discovery, suggesting either low distribution volume or effective evasion techniques.

This campaign demonstrates how threat actors are evolving malvertising strategies by combining trusted branding, modern application frameworks such as Electron, and layered evasion techniques, including obfuscation, CAPTCHA validation, and staged execution.

Unlike traditional phishing, malvertising targets users with high intent, making the initial compromise more effective.

For defenders, key signals include unexpected Electron applications spawning scripting engines, mismatched installer metadata, and unusual directories such as %APPDATA%\Satoshi.

Monitoring newly registered domains impersonating software vendors and analyzing process behavior rather than relying solely on signatures remains critical.
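The behavioural signals listed above (a desktop application spawning PowerShell with a permissive execution policy, writes into %AppData%\Satoshi, and encrypted DNS from a process that is not a browser) can be turned into simple detection logic over endpoint telemetry. The following is an added example written for this article, not code from Evalian or from the campaign analysis: it runs three rules over a few constructed, Sysmon-style event records. The event shape, the parent-process allowlist, the browser list and the DoH host names (the public Cloudflare and Google resolvers) are assumptions chosen for illustration and would be tuned to an organisation's own telemetry.

```python
import re

# Constructed, Sysmon-like event records mirroring the behaviours described in the
# article. These are illustrative samples, not real telemetry from the campaign.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120, "ppid": 3980,
     "image": r"C:\Users\alice\AppData\Local\Programs\ChatGPT\ChatGPT.exe",
     "cmdline": r'"C:\Users\alice\AppData\Local\Programs\ChatGPT\ChatGPT.exe"'},
    {"type": "process_create", "pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -ExecutionPolicy Unrestricted -NoProfile -Command "..."'},
    {"type": "file_create", "pid": 4120,
     "path": r"C:\Users\alice\AppData\Roaming\Satoshi\Default\Cookies"},
    {"type": "network_connect", "pid": 4120,
     "dest_host": "cloudflare-dns.com", "dest_port": 443},
    # Benign noise: an admin shell launched from Explorer, and a browser using DoH.
    {"type": "process_create", "pid": 5000, "ppid": 1200,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"type": "process_create", "pid": 5010, "ppid": 5000,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile"},
    {"type": "process_create", "pid": 6000, "ppid": 5000,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": "chrome.exe"},
    {"type": "network_connect", "pid": 6000, "dest_host": "dns.google", "dest_port": 443},
]

# Assumed tuning lists; an organisation would build these from its own baseline.
SCRIPT_ENGINES = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
EXPECTED_SCRIPT_PARENTS = {"explorer.exe", "cmd.exe", "code.exe", "windowsterminal.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Public DNS-over-HTTPS endpoints of the providers named in the article.
DOH_HOSTS = {"cloudflare-dns.com", "dns.google"}

PERMISSIVE_POLICY = re.compile(r"-ExecutionPolicy\s+(Unrestricted|Bypass)", re.IGNORECASE)
# %AppData% expands to ...\AppData\Roaming, so the profile dir lands under Roaming\Satoshi.
SUSPICIOUS_PROFILE_DIR = re.compile(r"\\AppData\\Roaming\\Satoshi\\", re.IGNORECASE)


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Run the three rules over an ordered event stream and return (rule, pid, detail) tuples."""
    procs = {}      # pid -> process_create event, so later events can resolve their image
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            procs[ev["pid"]] = ev
            child = basename(ev["image"])
            parent = procs.get(ev["ppid"])
            if child in SCRIPT_ENGINES:
                # Rule 1: a scripting engine launched by something other than a known shell host
                # (the article's "Electron application spawning scripting engines" signal).
                if parent is not None and basename(parent["image"]) not in EXPECTED_SCRIPT_PARENTS:
                    findings.append(("script_engine_from_unexpected_parent", ev["pid"],
                                     f"{basename(parent['image'])} -> {child}"))
                # Rule 2: execution-policy bypass on the command line, regardless of parent.
                if PERMISSIVE_POLICY.search(ev["cmdline"]):
                    findings.append(("permissive_execution_policy", ev["pid"], ev["cmdline"]))
        elif kind == "file_create":
            # Rule 3a: writes into the profile directory the article names.
            if SUSPICIOUS_PROFILE_DIR.search(ev["path"]):
                findings.append(("suspicious_profile_dir", ev["pid"], ev["path"]))
        elif kind == "network_connect":
            # Rule 3b: DoH to a public resolver from a process that is not a browser.
            proc = procs.get(ev["pid"])
            pname = basename(proc["image"]) if proc else "<unknown>"
            if ev["dest_host"].lower() in DOH_HOSTS and ev["dest_port"] == 443 and pname not in BROWSERS:
                findings.append(("doh_from_non_browser", ev["pid"], f"{pname} -> {ev['dest_host']}"))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid} {detail}")
```

Run stand-alone, the script reports four findings, all tied to the fake ChatGPT process tree (pids 4120 and 4188), while the Explorer-launched shell and Chrome's own DoH traffic produce none. Resolving each event's process image through the process table is what keeps the DoH rule from firing on legitimate browsers; in production the same join is done against the EDR's process lineage rather than an in-memory dict.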

As AI tools continue to gain widespread adoption, campaigns like this highlight the growing risk of brand impersonation in malware delivery, reinforcing the need for stronger user awareness and behavioral detection controls.
