This post is also available in:
עברית (Hebrew)
Security tools have traditionally relied on a simple principle: users are more likely to trust well-known websites, and defenders can often flag suspicious domains before damage occurs. But attackers are increasingly finding ways to abuse trusted platforms themselves, making malicious content appear far more legitimate than conventional phishing sites.
A newly identified campaign demonstrates this shift by exploiting content-sharing features inside popular AI chat platforms (such as ChatGPT). Instead of directing victims to unfamiliar websites, attackers are hosting convincing malware delivery pages within legitimate AI-generated content, making fraudulent messages appear as though they originate from trusted services.
The attack begins with a shared AI-generated page that displays what looks like an official service outage notification. Victims are told that the platform is experiencing unusually high traffic and are encouraged to download a desktop application to continue using the service. According to Cyber News, because the page is rendered inside a legitimate AI-sharing link hosted on a trusted domain, the warning appears far more credible than a typical phishing attempt.
Researchers discovered that the fake outage page is not an official platform message at all. It is generated through custom HTML and CSS rendered by the platform’s content-sharing and code-rendering features. The page includes controls associated with AI-generated content, but many users may overlook those indicators.
Clicking the download button redirects visitors to a cloned software download portal that mimics the appearance of the legitimate application. The site reportedly includes operating-system-specific installers and branding designed to reinforce trust. Researchers also found evidence of cloaking techniques, where real users are shown the malicious download page while security scanners and automated bots receive harmless content. This makes the infrastructure harder to detect and investigate.
The malware ultimately delivered through these campaigns can provide attackers with credential theft capabilities, remote access, and information-stealing functions. Similar techniques have reportedly appeared on multiple AI platforms (such as Claude), suggesting threat actors are experimenting with trusted AI ecosystems as new social-engineering channels.
From a cybersecurity and defense perspective, the campaign highlights a growing challenge: malicious content can now be hosted within highly trusted digital environments. Traditional warning signs such as suspicious domains or unfamiliar websites become less effective when attackers operate through legitimate services.
The broader lesson is that trust in a platform does not automatically extend to content generated or shared within it. As AI platforms become more integrated into daily workflows, they are increasingly becoming part of the cybersecurity threat landscape themselves.
