A sophisticated malvertising campaign is actively weaponizing OpenAI’s branding by promoting a fake ChatGPT download site through sponsored search results, delivering trojanized payloads to both Windows and macOS users.
Security researchers from Evalian's SOC team uncovered the operation, which pairs convincing OpenAI branding with search engine advertisements to lure users looking for legitimate AI tools. The campaign centers on a malicious domain, openew[.]app, built to closely mimic an official ChatGPT download page.
Campaign Infrastructure and Payload Analysis
Victims are presented with multiple download options: Windows, macOS, and a Chrome extension. The extension link redirects to a legitimate listing, which lends the page credibility, while the Windows and macOS installers deliver trojanized binaries.
The domain, newly registered through Namecheap, resolves to 144[.]172[.]104[.]205, hosted on RouterHosting infrastructure, a provider frequently observed in short-lived malicious campaigns. The Windows payload, distributed as Chat_GPT.exe (SHA256: 56CC26E88C064B0C423AA8AD6530E58F91D1E4D28FAB1A8BCEDEF16A6582B4D2), is an Inno Setup installer that deploys an Electron-based application. Although the installer looks legitimate at a glance, its file metadata does not match the product it claims to be, and it is code-signed with a certificate issued to an unrelated entity, F.F.A.P. Hurkmans Beheer B.V. A valid signature only proves who signed the file; when the signer is not the vendor named on the download page, the signature is a warning rather than a reassurance.
Evasion Techniques and Execution Behavior
Static analysis shows the application bundles a Chromium-based runtime with an obfuscated JavaScript payload stored in the app.asar archive. A large script, winter.js, uses encoded strings and dynamic execution patterns that complicate analysis. The bundle also includes Node.js modules such as child_process, fs, and systeminformation, which give the script system reconnaissance, file manipulation, and command execution capabilities.
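As an added example, not code from the original report or from the analysts' tooling, the following Python script performs the kind of static triage described above. It builds a small app.asar in memory from constructed files, parses it using the header layout written by the electron/asar tool (two length-prefixed "pickle" records, the JSON directory, then the raw file bytes), and flags JavaScript entries that are large or that match the indicators the article names: child_process and systeminformation requires, dynamic evaluation, string decoding, a PowerShell execution-policy override, and DoH resolver URLs. The file names, the file contents, the regexes, and the 200 KB "large script" threshold are this example's own assumptions, not values taken from the real sample.

```python
import json
import re
import struct

# Indicators to look for in bundled JavaScript (patterns chosen for this example).
SUSPICIOUS = {
    "child_process": re.compile(r"require\(\s*['\"]child_process['\"]\s*\)"),
    "sysinfo": re.compile(r"require\(\s*['\"]systeminformation['\"]\s*\)"),
    "dynamic-eval": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "string-decoding": re.compile(r"\batob\s*\(|String\.fromCharCode|['\"]base64['\"]"),
    "powershell": re.compile(r"powershell(\.exe)?\b.*-ExecutionPolicy", re.I),
    "doh": re.compile(r"https://(cloudflare-dns\.com|dns\.google)/dns-query"),
}
LARGE_JS = 200_000  # assumed threshold (bytes) for calling a script "large"


def build_asar(files):
    """Build an asar archive in memory (test fixture only). Layout as written by the
    electron/asar tool: [u32 4][u32 header pickle size][u32 payload size][u32 json length]
    [json, zero-padded to a 4-byte boundary][concatenated file bytes]."""
    root, blob = {"files": {}}, bytearray()
    for path, data in files.items():
        parts = path.split("/")
        node = root
        for d in parts[:-1]:
            node = node["files"].setdefault(d, {"files": {}})
        node["files"][parts[-1]] = {"size": len(data), "offset": str(len(blob))}
        blob += data
    header_json = json.dumps(root).encode()
    padded = header_json + b"\0" * (-len(header_json) % 4)
    payload = struct.pack("<I", len(header_json)) + padded
    header_pickle = struct.pack("<I", len(payload)) + payload
    return struct.pack("<II", 4, len(header_pickle)) + header_pickle + bytes(blob)


def parse_asar(buf):
    """Return (directory header, byte offset where file data begins)."""
    size_size, header_size = struct.unpack_from("<II", buf, 0)
    if size_size != 4:
        raise ValueError("not an asar archive")
    _payload_size, json_len = struct.unpack_from("<II", buf, 8)
    header = json.loads(buf[16:16 + json_len])
    return header, 8 + header_size


def walk(node, prefix=""):
    """Yield (path, entry) for every file entry, recursing into directories."""
    for name, child in node.get("files", {}).items():
        path = f"{prefix}/{name}" if prefix else name
        if "files" in child:
            yield from walk(child, path)
        else:
            yield path, child


def triage_asar(buf):
    """Flag JavaScript entries that are large or match a suspicious pattern."""
    header, data_start = parse_asar(buf)
    findings = []
    for path, entry in walk(header):
        if not path.endswith(".js") or entry.get("unpacked"):
            continue  # 'unpacked' entries live outside the archive (app.asar.unpacked)
        start = data_start + int(entry["offset"])
        text = buf[start:start + entry["size"]].decode("utf-8", "replace")
        hits = sorted(name for name, rx in SUSPICIOUS.items() if rx.search(text))
        if hits or entry["size"] >= LARGE_JS:
            findings.append({"path": path, "size": entry["size"],
                             "large": entry["size"] >= LARGE_JS, "hits": hits})
    return findings


# Constructed fixture: a benign entry point, a benign dependency, and a script that
# shows the patterns the article describes (all contents invented for this example).
SAMPLE_FILES = {
    "package.json": b'{"name":"chat","main":"main.js"}',
    "main.js": b"const {app, BrowserWindow} = require('electron');\n"
               b"app.whenReady().then(() => new BrowserWindow().loadFile('index.html'));\n",
    "node_modules/tiny/index.js": b"module.exports = (a, b) => a + b;\n",
    "winter.js": b"const cp = require('child_process');\n"
                 b"const si = require('systeminformation');\n"
                 b"const doh = 'https://cloudflare-dns.com/dns-query';\n"
                 b"const k = String.fromCharCode(83, 97, 116, 111, 115, 104, 105);\n"
                 b"const cmd = 'powershell.exe -ExecutionPolicy Unrestricted -Command ' + k;\n"
                 b"document.addEventListener('captcha-ok', () => eval(atob(stage)));\n",
}
SAMPLE_ASAR = build_asar(SAMPLE_FILES)

if __name__ == "__main__":
    for finding in triage_asar(SAMPLE_ASAR):
        print(finding)
```

On a real sample, replace SAMPLE_ASAR with the bytes of the extracted app.asar; entries marked unpacked are skipped because their contents sit in the sibling app.asar.unpacked directory rather than in the archive.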
Dynamic analysis shows the malware gates its core functionality behind a CAPTCHA, a technique designed to defeat automated sandboxes that never click through. Once the user completes the CAPTCHA, the malware spawns multiple PowerShell processes with flags such as "-ExecutionPolicy Unrestricted", suggesting staged payload delivery with commands injected at runtime. The flag does not bypass any control (the execution policy is not a security boundary), but a GUI application launching PowerShell with it is a strong behavioral signal.
The malware creates a Chromium-style profile under %AppData%\Satoshi as a persistent store for data such as cookies and cache files. Combined with event-driven execution, which defers the primary actions until specific user interactions occur, this further complicates detection. Notably, the embedded network configuration references legitimate DNS-over-HTTPS resolvers from Cloudflare and Google; name resolution for command-and-control then travels as HTTPS to a reputable endpoint and is invisible to conventional DNS monitoring.
MacOS Variant and Strategic Implications
The macOS variant (SHA256: 7E5B708F6659B1FAD3AAE7B589A706434FBF21708AEEC5AF5910189B96E25FEF) remained largely undetected by antivirus engines at the time of discovery, which suggests either low distribution volume or effective evasion. The campaign shows how threat actors are evolving malvertising: trusted branding, a modern application framework (Electron), and layered evasion through obfuscation, CAPTCHA gating, and staged execution.
For defenders, the key signals are unexpected Electron applications spawning scripting engines, installer metadata and a code signer that do not match the advertised vendor, and unusual directories such as %APPDATA%\Satoshi. Because the payload waits for the CAPTCHA and for user interaction, an unattended sandbox run will show little; detonations should include interaction or be paired with endpoint telemetry. Monitoring newly registered domains that impersonate software vendors, and analyzing process behavior rather than relying on signatures alone, remains critical. As AI tools gain widespread adoption, campaigns like this highlight the growing risk of brand impersonation in malware delivery and the need for both user awareness and behavioral detection controls.
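The signals listed above, turned into a small detection routine as an added example (not detection content from the report or from any vendor). It runs over constructed Sysmon-style events (process creation, file creation, network connection) and flags a scripting engine spawned by an executable in a user-writable AppData path that is not on an allowlist, a PowerShell execution-policy override on the command line, writes under %APPDATA%\Satoshi, a connection to the hosting IP, and the two installer hashes from the report. The install path of the fake app, the username, the allowlist, the field names, and every event value are assumptions made for this example; only the hashes and the IP come from the article.

```python
import re

# Scripting engines a GUI application has no business spawning (this example's list).
SCRIPT_ENGINES = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Electron apps that legitimately spawn shells in this (assumed) environment, e.g. an IDE.
ALLOWED_PARENTS = {r"c:\users\alice\appdata\local\programs\microsoft vs code\code.exe"}
# Indicators taken from the report: installer hashes and hosting IP.
IOC_SHA256 = {
    "56cc26e88c064b0c423aa8ad6530e58f91d1e4d28fab1a8bcedef16a6582b4d2",  # Chat_GPT.exe
    "7e5b708f6659b1fad3aae7b589a706434fbf21708aeec5af5910189b96e25fef",  # macOS variant
}
IOC_IPS = {"144.172.104.205"}

USER_WRITABLE = re.compile(r"\\appdata\\(local|roaming)\\", re.I)
EXEC_POLICY = re.compile(r"-(executionpolicy|ep)\s+(unrestricted|bypass)\b", re.I)
SATOSHI_DIR = re.compile(r"\\appdata\\roaming\\satoshi\\", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_hashes(field):
    """Sysmon 'Hashes' is 'MD5=..,SHA256=..,IMPHASH=..'; return {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def detect(events):
    """Return (rule, event index) pairs for every event that trips a rule."""
    findings = []
    for i, ev in enumerate(events):
        kind = ev["EventType"]
        if kind == "ProcessCreate":
            parent = ev["ParentImage"]
            if (basename(ev["Image"]) in SCRIPT_ENGINES
                    and USER_WRITABLE.search(parent)
                    and parent.lower() not in ALLOWED_PARENTS):
                findings.append(("user_app_spawns_script_engine", i))
            if EXEC_POLICY.search(ev.get("CommandLine", "")):
                findings.append(("powershell_policy_override", i))
            if parse_hashes(ev.get("Hashes", "")).get("SHA256") in IOC_SHA256:
                findings.append(("known_installer_hash", i))
        elif kind == "FileCreate":
            if SATOSHI_DIR.search(ev["TargetFilename"]):
                findings.append(("satoshi_profile_dir", i))
        elif kind == "NetworkConnect":
            if ev["DestinationIp"] in IOC_IPS:
                findings.append(("known_hosting_ip", i))
    return findings


# Constructed events using Sysmon field names; paths, user and values are invented.
FAKE_APP = r"C:\Users\alice\AppData\Local\Programs\ChatGPT\ChatGPT.exe"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
    {"EventType": "ProcessCreate", "ParentImage": FAKE_APP, "Image": POWERSHELL,
     "CommandLine": 'powershell.exe -ExecutionPolicy Unrestricted -NoProfile -w hidden -c "iex $env:STAGE"'},
    {"EventType": "ProcessCreate",  # an IDE's integrated terminal: Electron, but allowlisted
     "ParentImage": r"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "Image": POWERSHELL, "CommandLine": "powershell.exe -NoLogo"},
    {"EventType": "FileCreate", "Image": FAKE_APP,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Satoshi\Default\Cookies"},
    {"EventType": "NetworkConnect", "Image": FAKE_APP,
     "DestinationIp": "144.172.104.205", "DestinationPort": 443},
    {"EventType": "ProcessCreate", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\alice\Downloads\Chat_GPT.exe",
     "CommandLine": r'"C:\Users\alice\Downloads\Chat_GPT.exe"',
     "Hashes": "SHA256=56CC26E88C064B0C423AA8AD6530E58F91D1E4D28FAB1A8BCEDEF16A6582B4D2"},
]

if __name__ == "__main__":
    for rule, idx in detect(SAMPLE_EVENTS):
        print(f"{rule:32} event {idx}: {SAMPLE_EVENTS[idx].get('Image')}")
```

The allowlist is the part that needs tuning: IDEs and terminal emulators built on Electron spawn shells constantly, so the parent rule is only useful once the legitimate Electron parents in the estate are enumerated; the hash and IP matches are brittle the moment the actor rebuilds or rehosts, which is why the behavioral rules come first.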
— Originally reported by Cyber Security News. Adapted and republished with editorial context for MacThreat.