Threat Actors Phish Credentials Using AI Brand Lures
Threat actors are now weaponizing the branding of leading artificial intelligence platforms, including ChatGPT, Claude, and DeepSeek. These campaigns disguise phishing attacks, luring users into...
Threat actors are now weaponizing the branding of leading artificial intelligence platforms, including ChatGPT, Claude, and DeepSeek. These campaigns disguise phishing attacks, luring users into divulging sensitive data like login credentials, credit card numbers, and authentication tokens.
The surge in AI adoption has given attackers fertile ground to exploit. Millions of people now rely on AI assistants daily, and many are still learning what legitimate communications from these platforms look like.
This creates the perfect window for fraud. Attackers dress up a fake page or email to resemble a trusted AI platform, and a significant number of people click without a second thought.
Microsoft Threat Intelligence analysts identified and documented several of these campaigns that unfolded in early 2026.
Microsoft said in a report shared with Cyber Security News (CSN) that these campaigns do not represent any actual breach of the AI services themselves.
They are pure social engineering operations that borrow trusted brand names to push users into clicking a link, opening a PDF, or downloading a file.
What makes these attacks harder to stop is that attackers route victims through real, trusted services before reaching the malicious destination.
Platforms like URL shorteners, CRM tools, and GitHub are layered into the chain to avoid detection. By the time someone realizes something is wrong, their information may already be gone.
The consequences are serious, as thousands of organizations across multiple countries have been targeted, with victims losing credit card data, account access, and authentication tokens that hand attackers a direct entry point into corporate systems.
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands
The ChatGPT-themed campaign detected on May 5, 2026 shows how this works in practice.
Attackers sent around 4,500 emails to targets in South Africa, warning that their ChatGPT Plus subscription would be downgraded unless they updated their payment method within seven days.
The emails carried the ChatGPT logo and a clickable update button that looked entirely legitimate.
That button did not send users directly to a malicious site. Victims were bounced through a CRM service, an Amazon tracking domain, and a URL shortener before landing on a compromised website where a fake payment page sat inside a subfolder.
The page showed a fake CAPTCHA to filter automated scanners, then collected personal details and full credit card information across two steps.
The Claude-themed campaign ran from April 20 to 22, 2026, reaching more than 2,000 organizations in the United States, the United Kingdom, and India.
Emails claimed the recipient’s account had violated usage policies, with a PDF named “Fill and Sign Claude Appeal Form.pdf” directing users to an attacker-controlled domain.
Victims were pushed through fake verification screens before being redirected toward what appeared to be a Microsoft sign-in page designed to steal access tokens.
Fake DeepSeek Installer and Malvertising Drop Vidar
In April 2026, attackers moved fast after DeepSeek previewed its V4 model.
Within 45 minutes, a fake GitHub organization called DeepSeek-V4 was live, loaded with stolen branding, real benchmark data, and search-optimized tags designed to rank high in both traditional and AI-assisted search results.
Users who downloaded the archives received a loader that silently installed Vidar infostealer on their devices.
A separate malvertising campaign linked to Storm-3075 pushed a fake product called “Awesome AI Windows Plugin” through free movie streaming sites.
The download was a fraudulently code-signed executable tied to Fox Tempest, a group running a malware-signing service used by multiple criminal actors.
Once users launched the file and clicked a “Continue” prompt, a Python downloader quietly fetched Vidar from an attacker-controlled server.
To reduce exposure, users and organizations should enable multi-factor authentication on all accounts and avoid clicking links or downloading files from unsolicited emails.
AI platform communications should always be verified by visiting the official website directly. Organizations should also deploy email link scanning tools and solutions that detect and block phishing pages before users ever reach the malicious content.
Indicators of Compromise (IoCs):-
| Type | Indicator | Description |
|---|---|---|
| SHA-256 | 791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40e | File hash for attachment: Fill and Sign Claude Appeal Form.pdf |
| URL | hxxp://dash.awaydouble[.]org/0v2auth | URL inside the Claude phishing PDF attachment |
| URL | hxxps://github[.]com/shippingtechnologymovie/AI-techVideos/releases/download/13123/ProFluxeFlowAi-win-Setup.exe | Fraudulent GitHub repository (taken down) hosting malware executable |
| SHA-256 | c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8 | File hash for ProFluxeFlowAi-win-Setup.exe |
| Signer SHA-1 | 4f5c5b3ef45cfff7721754487a86aeff9a2e6e32 | Fraudulent code-signing certificate (Fox Tempest) |
| Domain | brokeapt[.]com | Attacker-controlled C2 domain for Python loader |
| Domain | pan.ssffaa19[.]xyz | Vidar C2 domain |
| Domain | pan.rongtv[.]xyz | Vidar C2 domain |
| URL | hxxps://github[.]com/DeepSeek-V4/deepseek-V4/releases/download/deepseek-V4/deepseek-v4-pro_x64.7z | Fraudulent DeepSeek GitHub repository (taken down) |
| SHA-256 | 0a26238f6c516de5885457c93042531aa59bc206a9537cebf5267cedc6c68531 | deepseek-v4-pro_x64.7z (v1) |
| SHA-256 | 8610d4fb0ec5b525071c2aaec4df0f8fcbb3673aba58a7e1959fc44e83c0e2ca | deepseek-v4-flash_x64.7z (v1) |
| SHA-256 | 99231deb373997364381d1eb513d2d42231d418c3a2db9007c5af9bd56ab9371 | deepseek-v4-flash_x64.7z (v2) |
| SHA-256 | 25270cc429ada8028b5b33220ed412c47907ecceea7377d608fac5af01bed56a | deepseek-v4-pro_x64.7z (v2) |
| SHA-256 | 56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23 | DeepSeek-specific extracted PE (deepseek-v4-pro_x64.exe, deepseek-v4-flash_x64.exe, VectorEngine.exe) |
| SHA-256 | 5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80 | Shared loader observed under multiple AI-brand lure names |
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.