A sophisticated phishing operation is targeting users searching for ChatGPT downloads, distributing platform-specific malware through a fake website that closely mimics OpenAI's official download page. The malicious site, openew[.]app, uses OpenAI-style branding, a dark theme, and familiar marketing copy to deceive visitors into downloading malware disguised as legitimate ChatGPT desktop applications. The operation delivers different payloads depending on the victim's operating system, with Windows users receiving credential-stealing malware and macOS users getting Atomic Stealer, a malware-as-a-service platform focused on cryptocurrency theft.
The fake site exploits the .app top-level domain, which is operated by Google and requires HTTPS connections, displaying the familiar browser padlock icon that users associate with legitimate websites. This technical detail, combined with the professional appearance of the site, makes it difficult for average users to distinguish the fake from the real ChatGPT download page. The operation capitalizes on the fact that many users are installing AI tools for the first time and rely on search results rather than knowing official URLs, creating an ideal environment for this type of attack.
The Windows malware, distributed as Chat_GPT.exe, uses legitimate open-source tools including Inno Setup and the Electron framework to appear credible. Once executed, it creates files in the user's AppData folder and launches PowerShell with unrestricted execution policy, reading malicious commands from standard input to avoid disk-based detection. The malware establishes communication with attacker-controlled servers and demonstrates persistence mechanisms, though only nine of 69 antivirus engines detected it at the time of analysis. The macOS payload is significantly more sophisticated and expensive, identified as Atomic Stealer (AMOS), which reportedly costs operators around $3,000 per month compared to typical Windows infostealers priced at $250 monthly.
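As an added illustration (not code from the Malwarebytes analysis), the following Python pass flags process-creation events that match the PowerShell launch pattern described above: a relaxed execution policy, commands read from standard input (PowerShell's `-Command -`), and a parent process living under AppData. The Sysmon-style field names, the exact command-line form and the sample events are assumptions; `Bypass` is checked alongside `Unrestricted` as a defender's generalization of what the post describes.

```python
import json
import re

# Each indicator maps to one described behaviour. "-Command -" makes PowerShell
# read its commands from standard input, so no script file is written to disk.
INDICATORS = {
    "execution_policy_relaxed": re.compile(
        r"-(?:executionpolicy|exec|ep)\s+(?:unrestricted|bypass)\b", re.I),
    "commands_from_stdin": re.compile(r"-(?:command|c)\s+-(?:\s|$)", re.I),
    "parent_in_appdata": re.compile(r"\\appdata\\(?:local|roaming)\\", re.I),
}
POWERSHELL_IMAGE = re.compile(r"\\(?:powershell|pwsh)\.exe$", re.I)


def matched_indicators(event: dict) -> list[str]:
    """Return the indicator names that fire for one process-creation event."""
    if not POWERSHELL_IMAGE.search(event.get("Image", "")):
        return []
    fields = {
        "execution_policy_relaxed": event.get("CommandLine", ""),
        "commands_from_stdin": event.get("CommandLine", ""),
        "parent_in_appdata": event.get("ParentImage", ""),
    }
    return [name for name, rx in INDICATORS.items() if rx.search(fields[name])]


def flag_events(log_lines, min_hits: int = 2) -> dict[str, list[str]]:
    """Map EventId -> fired indicators for events reaching the threshold.
    Requiring two hits avoids flagging every admin script run with -ExecutionPolicy Bypass."""
    flagged = {}
    for line in log_lines:
        if not line.strip():
            continue
        event = json.loads(line)
        hits = matched_indicators(event)
        if len(hits) >= min_hits:
            flagged[event["EventId"]] = hits
    return flagged


# Constructed sample events (assumed Sysmon-style fields); paths are illustrative only.
SAMPLE_LOG = r"""
{"EventId": "1", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -ExecutionPolicy Unrestricted -NoProfile -Command -", "ParentImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\Chat_GPT.exe"}
{"EventId": "2", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventId": "3", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\Program Files\\Vendor\\update.ps1", "ParentImage": "C:\\Program Files\\Vendor\\agent.exe"}
{"EventId": "4", "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe -Command -", "ParentImage": "C:\\Users\\alice\\AppData\\Roaming\\x.exe"}
""".splitlines()

if __name__ == "__main__":
    for event_id, hits in flag_events(SAMPLE_LOG).items():
        print(f"event {event_id}: {', '.join(hits)}")
```

Only event 1 reaches the two-hit threshold; event 3 (a vendor updater using `-ExecutionPolicy Bypass` with a script file on disk) fires a single indicator and is left alone unless the threshold is lowered.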
Atomic Stealer targets macOS users through a multi-stage attack that begins with a fake system password prompt disguised as a legitimate macOS security dialog. Once the user enters their password, the malware harvests keychain data, browser credentials from 12 Chromium-based browsers plus Firefox, Telegram session data, and scans for 16 different cryptocurrency wallet applications. The most dangerous feature involves downloading trojanized versions of Ledger Live and Trezor Suite, then attempting to replace the legitimate applications with malicious copies that can intercept cryptocurrency transactions. This wallet-replacement capability demonstrates the operation's primary focus on cryptocurrency theft from Mac users.
Users who may have downloaded ChatGPT from unofficial sources should take immediate action from a clean device. This includes signing out of all important accounts using each service's remote logout feature, changing passwords starting with primary email accounts, rotating API keys and cloud credentials, and moving cryptocurrency funds immediately using a separate device. On macOS systems, users should avoid opening Ledger Live or Trezor Suite before reinstalling the operating system, as the wallet replacement may have already occurred. The safest recovery path involves a complete operating system reinstall, and users of work devices should contact their IT security teams immediately. The operation highlights how AI product launches create waves of first-time users who lack established download habits, making them vulnerable to search-based phishing attacks that can easily rotate between trending AI brands.
Source: https://www.malwarebytes.com/blog/threat-intel/2026/05/fake-chatgpt-download-site-infects-windows-and-mac-users-with-malware