As large language models have gone mainstream, attackers' techniques have evolved with them, to the point of abusing the legitimate features of AI platforms to deliver malware with precision. The cybersecurity company Push Security recently published a report describing a new attack campaign it calls "LLMShare" (abuse of shared content in large language models). The attackers host their lure content directly on OpenAI's official domain, trading on the public's trust in the platform to trick users into downloading malware.
In this highly covert scam, attackers first use the powerful content rendering capabilities of
When an unsuspecting user clicks the Google ad and lands on the page, they are not greeted by a normal chat canvas but by a convincing "fake outage notice." The notice claims that "the website is temporarily unavailable due to high traffic" and urges the user to "download the desktop application to continue."
Once the user clicks the download button, they are redirected to a malicious portal site. This site serves forged Windows and macOS "client" installers, and it also cloaks itself to avoid detection: when a security scanner requests the page, it returns an innocuous website for a virtual reality company; only a visitor it judges to be a real victim is shown the malware download page. Analysis of the forged clients showed that, immediately on launch, they run commands to check whether they are executing inside a virtual machine, a sandbox-evasion step that lets them hold off on the next stage until they are on a real victim's machine.
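The cloaking behaviour described above is worth modelling, because it is also the reason a plain scanner "sees nothing." The following is an added example, not code from Push Security's report or from the campaign itself. It stands up a constructed stand-in for the portal on localhost that serves a bland decoy to clients that look like scanners and the download lure to clients that look like a browser, then runs the defender-side check a practitioner would actually perform: fetch the same URL under two different client fingerprints and diff the responses. The use of User-Agent as the cloaking signal, the page contents and the download file names are all assumptions made for the example; a real portal may key on IP reputation, JavaScript execution, referrer or the ad click ID instead.

```python
"""Model of a cloaked malware portal and the two-fingerprint check that exposes it.

Added example; not the campaign's real portal. Everything served here is constructed.
"""
import re
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption for this model: the portal treats these User-Agent substrings as "scanner".
SCANNER_UA_MARKERS = ("curl", "wget", "python-requests", "bot", "scanner", "headless")

# Constructed sample pages standing in for the portal's two faces.
DECOY_PAGE = (b"<html><body><h1>Acme Immersive VR</h1>"
              b"<p>We build virtual reality experiences.</p></body></html>")
LURE_PAGE = (b"<html><body><h1>Service temporarily unavailable</h1>"
             b"<p>Download the desktop application to continue.</p>"
             b"<a href='/ChatGPT-Setup.exe'>Windows</a> "
             b"<a href='/ChatGPT.dmg'>macOS</a></body></html>")

# Indicators of the lure described in the report: installer links and the outage script.
LURE_PATTERNS = [
    re.compile(rb"href=['\"][^'\"]+\.(exe|dmg|msi|pkg)['\"]", re.I),
    re.compile(rb"download the desktop app", re.I),
    re.compile(rb"temporarily unavailable", re.I),
]

BROWSER_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
SCANNER_UA = "python-requests/2.31.0"


class CloakingHandler(BaseHTTPRequestHandler):
    cloaked = True  # overridden per server instance by start_portal()

    def do_GET(self):
        ua = self.headers.get("User-Agent", "").lower()
        looks_like_scanner = any(marker in ua for marker in SCANNER_UA_MARKERS)
        # A cloaked portal shows the decoy to scanners; an honest site shows one page to all.
        body = DECOY_PAGE if (looks_like_scanner or not self.cloaked) else LURE_PAGE
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_portal(cloaked=True):
    """Start the stand-in portal on an ephemeral localhost port; returns (server, url)."""
    handler = type("PortalHandler", (CloakingHandler,), {"cloaked": cloaked})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/"


def fetch(url, user_agent):
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()


def lure_indicators(body):
    """Names of the lure patterns present in a response body."""
    return [p.pattern.decode() for p in LURE_PATTERNS if p.search(body)]


def check_cloaking(url):
    """Fetch the URL as a scanner and as a browser; a differing response is the cloaking tell."""
    as_scanner = fetch(url, SCANNER_UA)
    as_browser = fetch(url, BROWSER_UA)
    return {
        "cloaked": as_scanner != as_browser,
        "scanner_view_indicators": lure_indicators(as_scanner),
        "browser_view_indicators": lure_indicators(as_browser),
    }


if __name__ == "__main__":
    server, portal_url = start_portal(cloaked=True)
    print(check_cloaking(portal_url))
    server.shutdown()
```

The practical lesson is in `check_cloaking`: a URL that returns different content to a scanner-like client and to a browser-like client should be treated as suspicious regardless of what the scanner's own view looked like, and against a real portal the second fetch should come from a residential or otherwise non-attributable egress, since IP reputation is a common cloaking signal too.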
Security researchers stress that this model of attack, which relies entirely on the "endorsement" of a major brand's domain, is spreading. Beyond ChatGPT, researchers have captured similar variants targeting the Claude platform in related victim environments, which indicates that the attackers are testing the same tactics and social-engineering script across different mainstream AI platforms. This precisely targeted delivery method, which abuses a legitimate sharing feature on a trusted large-model domain rather than any flaw in it, is a clear warning for current internet security defences.