{“lastseen”:”2026-05-28T12:09:34″,”description”:”A convincing fake website is impersonating OpenAI\u2019s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information.\\n\\nThe site, `openew[.]app`, closely mimics OpenAI\u2019s real ChatGPT download experience and offers what appear to be official desktop apps for both Windows and macOS. Instead, Windows users receive a credential-stealing malware loader, while Mac users get Atomic Stealer (AMOS), a well-known macOS malware family associated with cryptocurrency theft.\\n\\n\\n\\nThe dual-platform setup is what makes the operation notable. Clicking the Windows download delivers a fake installer that opens a back channel to an attacker-controlled server. Clicking the macOS button delivers malware that steals browser passwords, cookies, Telegram sessions, cryptocurrency wallets, and other sensitive files. It also attempts to replace legitimate Ledger and Trezor wallet apps with trojanized versions.\\n\\nIf you only download ChatGPT from OpenAI\u2019s official download page or the Microsoft Store, you were not the target here. But if you searched for \u201cChatGPT download\u201d and clicked an ad or unfamiliar result, you may have given attackers access to your online accounts, browser sessions, saved passwords, and potentially your cryptocurrency holdings.\\n\\n## Technical analysis\\n\\nThe domain, `openew[.]app`, closely resembles OpenAI\u2019s real ChatGPT download experience. It uses a dark theme, OpenAI-style branding, familiar marketing copy, and prominent download buttons for macOS and Windows.\\n\\nThe .app top-level domain is operated by Google and requires HTTPS connections, meaning browsers display the familiar padlock icon without obvious certificate warnings.\\n\\nThe most important detail is the dual-platform setup. Real software vendors provide separate installers for Windows and macOS, and this fake site does exactly the same thing.\\n\\nClicking the Windows button delivers `Chat_GPT.exe`, while clicking the macOS button downloads a disk image containing `ChatGpt.dmg`.\\n\\n### The Windows malware\\n\\n`Chat_GPT.exe` is built almost entirely from off-the-shelf parts. The installer uses `Inno Setup`, a free open-source toolkit used by thousands of legitimate Windows products. Inside is an `Electron` application skeleton\u2014the same Chromium-based framework used by apps like Slack and Discord\u2014bundled with standard support libraries publicly available from the Electron project.\\n\\nWhen the victim runs the installer, it creates files under `%APPDATA%\\\\LeronApplication`, launches `EApp.exe`, and spawns PowerShell with the flags `-ExecutionPolicy Unrestricted -Command -`. The trailing dash tells PowerShell to read commands from standard input, meaning the malicious instructions never touch the disk where scanners might detect them. Behavioral telemetry recorded HTTP traffic to `188.137.246.189` using a `\/laravel.php?api=api\\u0026hash=…\\u0026message=…` endpoint, alongside injection-like activity and service\/autorun persistence signals. Nine of 69 antivirus engines flagged the file as malicious at the time of analysis. The persistence evidence is better read as behavioral tradecraft than proof of a durable install, but the overall pattern is familiar commodity stealer\/dropper territory: cheap, modular, and effective rather than technically novel. \\n\\n\\nCAPTCHA displayed after the fake app launches, used to confirm that a real user is running it.\\n\\n### The macOS malware: Atomic Stealer (AMOS)\\n\\nThe macOS payload sits at the premium end of the commodity-malware market. It\u2019s **Atomic Stealer** , also known as **AMOS** , a malware-as-a-service platform documented since 2023, including in our 2024 coverage of an updated version.\\n\\nThe identification is fairly clear-cut. The sandboxed sample matches well-known AMOS behavior patterns: a long AppleScript chain passed to the macOS scripting engine, a silent password validation attempt using macOS directory-service commands, and\u2014if that silent check fails\u2014a fake macOS-style prompt reading \u201cPlease enter device password to continue,\u201d complete with the familiar lock icon. Whatever the user types is validated against the same command. If it matches, the malware captures the user\u2019s login password in cleartext.\\n\\nFrom there, it follows a familiar AMOS playbook. It copies the macOS keychain, harvests cookies and saved logins from 12 Chromium-based browsers plus Firefox and Waterfox, and extracts Telegram session data. It also scans 16 cryptocurrency wallet directories, including Ledger Live, Trezor Suite, Exodus, Electrum, and Sparrow. Finally, it searches Desktop and Documents folders for files with extensions like `.wallet,` `.seed`, `.key`, and `.kdbx`. The collected data is compressed into a temporary archive and sent to a hardcoded server.\\n\\n### The wallet replacement feature is especially dangerous\\n\\nThere\u2019s one more part of the macOS payload, and it\u2019s likely the feature that justifies the price tag. After the initial data theft, the script downloads trojanized versions of Ledger Live, Ledger Wallet, and Trezor Suite from a second server. It then attempts to delete the legitimate wallet apps and replace them with the attacker\u2019s versions.\\n\\nIf the user\u2019s password was captured earlier in the attack chain, the script uses `sudo` to force the replacement. If not, it falls back to a standard `rm -rf` deletion attempt, which can still succeed if the apps are installed in a user-writable location. Either way, the next time the victim opens what appears to be their wallet software, they may actually be launching the attacker\u2019s replacement.\\n\\nThis behavior has been documented in previous public AMOS analyses and makes the operator\u2019s intent fairly clear. AMOS is heavily associated with cryptocurrency theft, and the macOS side of this campaign appears focused on exactly that outcome.\\n\\n### **What the operation cost to build**\\n\\nThis is where the AI angle becomes interesting, because the Windows and macOS sides of the operation sit at very different price points.\\n\\nThe domain `openew.app` probably cost the operators around $15 a year through a normal registrar. The `.app` domain requires HTTPS by default, making it easy for operators to present the reassuring browser padlock users associate with legitimate websites. The landing page itself is simply a copy of OpenAI\u2019s real download page, something modern cloning tools can reproduce in minutes.\\n\\nOn the Windows side, most of the tools are cheap or free. `Inno Setup` is free. `Electron` is free. The Chromium support files are public downloads. The server infrastructure appears to rely on low-cost commodity malware tooling and a basic VPS that could cost only a few dollars a month. Altogether, the Windows side of this operation could plausibly have cost under $100 to set up initially.\\n\\nThe macOS side is very different. AMOS has reportedly rented for around $3,000 per month, paid in cryptocurrency. By comparison, Lumma\u2014a popular Windows infostealer often treated as a similar product\u2014has historically advertised entry tiers around $250 per month.\\n\\nThat price gap says a lot. The operators clearly believe a successful Mac infection is worth much more money than a typical Windows infection.\\n\\nThe likely reason is simple: AMOS is designed specifically for cryptocurrency theft, including the wallet-replacement behavior seen in this campaign. The operators are betting that a meaningful number of Mac users hold cryptocurrency.\\n\\nGetting victims to the site is probably the only major ongoing cost, and that\u2019s where the AI branding becomes valuable. Search ads, SEO poisoning, YouTube spam, and links shared in AI-focused Discord and Telegram communities can all drive traffic to fake download pages. Some of those channels cost money. Others are almost free.\\n\\n## Why attackers are going after AI brands\\n\\nMost established software already has trusted download habits built around it. If you want Chrome, you probably know to go to Google. If you want Photoshop, you go to Adobe. People already know where the real download lives.\\n\\nAI tools are different because most users are still installing them for the first time, and that means relying on search results, ads, YouTube links, or social posts to find the download page. That creates an ideal environment for fake sites.\\n\\nOver the last two years, products like ChatGPT, Claude, Gemini, Sora, DeepSeek, Antigravity, and many others have launched or changed rapidly. Every new release creates another wave of users searching for \u201cdownload ChatGPT\u201d or \u201cinstall Claude\u201d without knowing the official URL. That search traffic is exactly where attackers set up shop.\\n\\nThe fake pages also do not need to be especially sophisticated because legitimate AI product pages are already minimal by design: a modern layout, a logo, and a large download button. `Openew[.]app` matches what users expect to see. There is no broken English or aggressive pop-ups here, just identical branding, copy, and the reassuring browser padlock.\\n\\nWhat makes this kind of operation durable is how easily it can rotate brands. When the ChatGPT lure stops attracting clicks, the operators can reuse the same infrastructure around the next trending AI product. The malware behind the download button stays the same. Only the branding changes.\\n\\n## What AI vendors could do\\n\\nMost major AI vendors, including OpenAI, already provide official download channels. The problem is visibility and user habit. Many users still search for \u201cChatGPT download,\u201d where results can include official links, unofficial mirrors, and outright malicious sites.\\n\\nLarge consumer brands and banks often run aggressive brand-protection campaigns against fake ads and impersonation domains. AI vendors may need to do the same more consistently.\\n\\nThe other issue is discoverability. Official desktop-app links are often buried in settings menus or sidebars, while search engines are faster and more obvious. That\u2019s exactly where the fake download sites are waiting.\\n\\n## What to do if you may have installed the fake app\\n\\nIf you recently installed something claiming to be ChatGPT from anywhere other than OpenAI\u2019s official download page or the Microsoft Store, you may have been affected. From a different, clean device:\\n\\n * Sign out of your important accounts using each service\u2019s \u201csign out everywhere\u201d option. This includes email, banking, cloud storage, GitHub, Discord, Telegram, and cryptocurrency exchanges.\\n * Change passwords starting with your primary email account.\\n * Rotate any API keys, SSH keys, and cloud credentials stored on the affected machine.\\n * If you hold cryptocurrency, move funds immediately using a separate clean device. On macOS specifically, do not open Ledger Live or Trezor Suite on the affected machine before reinstalling the operating system, as the wallet-replacement function may have succeeded.\\n * Monitor bank accounts and payment cards for suspicious activity.\\n * Reinstall the operating system. The Windows sample showed PowerShell command-and-control behavior, while the macOS payload may have captured the user\u2019s login password. A clean reinstall is the safest recovery path.\\n * If this was a work device, contact your IT or security team immediately.\\n\\n\\n\\n## Closing thoughts\\n\\nThe reason this campaign is worth writing about is not the malware itself. Both payloads are already well documented. The Windows side is a commodity kit assembled from cheap, widely available parts. The macOS side is AMOS, a malware family that has been tracked since 2023.\\n\\nWhat’s more interesting is the shape of the operation around that malware. A single fake site delivers two different payloads aimed at two different victim economics. Windows victims are positioned for broad monetization through credential and cookie theft. Mac victims are targeted more narrowly and lucratively through cryptocurrency theft, with operators apparently willing to spend thousands per month on tooling because the returns justify it.\\n\\nThe lure tying both sides together is the AI brand itself. Right now, AI product names generate huge amounts of first-time-download traffic from users who do not yet know the official URLs.\\n\\nThis is what a mature delivery business looks like. The interesting layer is not the binary, but the supply chain around it: the domain, certificate, clone page, traffic source, malware subscription, and exfiltration infrastructure. Each piece is cheap, modular, replaceable, and available off the shelf.\\n\\nAnd the operators are not choosing between Windows and macOS. They are serving both from the same page, with payloads tuned to each platform\u2019s economics. When one AI brand stops converting, they can simply swap the branding and reuse the same infrastructure around the next trending product.\\n\\nAI hype will eventually fade. The kit probably will not.\\n\\n## Indicators of Compromise (IOCs)\\n\\n**File hashes (SHA-256)**\\n\\n * `c9e0e6985dca3a179c9bdea4e7b38f7dc57fe00ecedc2fd634256fc53bf2de2d` (`Chat_GPT.exe`)\\n * `c0919e1999eaee67e67aeda0287722775afb04e9a9a0f727928b4d11265fb70b` (`ChatGpt.dmg`)\\n\\n\\n\\n**Network indicators**\\n\\n * `openew[.]app`\\n * `188[.]137[.]246[.]189`\\n * `192[.]253[.]248[.]181`\\n * `172[.]94[.]9[.]250`\\n\\n\\n\\n* * *\\n\\n\\n\\n### ****\u201cOne of the best cybersecurity suites on the planet.\u201d** **\\n\\nAccording to CNET. Read their review \u2192\\n\\n* * *”,”published”:”2026-05-28T10:18:26″,”modified”:”2026-05-28T10:18:26″,”type”:”malwarebytes”,”title”:”Fake ChatGPT download site infects Windows and Mac users with malware”,”source”:””,”references”:””,”id”:”MALWAREBYTES:4693DE4CDAD6A288B9134EB886AAD231″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/threat-intel\/2026\/05\/fake-chatgpt-download-site-infects-windows-and-mac-users-with-malware”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-28T12:09:34″,”description”:”A convincing fake website is impersonating OpenAI\u2019s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-57733","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n