Fake ChatGPT desktop app ads pushed password-stealing malware. By masquerading as official desktop applications, these malicious ads bypass security scanners and deceive users into downloading harmful software. This tactic is part of a broader trend where attackers exploit trusted platforms like ChatGPT and Claude. For instance, the recently discovered “ClaudeBleed” vulnerability allowed rogue browser extensions to compromise the Claude interface. Now, bad actors are going a step further by misusing built-in features of these AI tools to deliver malware while easily evading standard web filters and security protocols.
