According to a report from The Decoder, hackers are actively exploiting the chat-sharing feature of ChatGPT and Claude—two of today's most popular AI tools—to distribute malware. This new attack method is particularly dangerous as it directly leverages users' trust in legitimate domains from OpenAI and Anthropic to bypass standard security filters.
How the Attack Unfolds
The malware distribution process is highly sophisticated. Attackers simulate conversations where the AI appears to present technical error messages or detailed software installation guides. Within these responses, they cleverly insert download links for malicious files.
Then, the hackers use the public link-sharing feature of ChatGPT or Claude to send these conversations to victims. Since the links use completely valid and trusted domains, email security scanners and firewalls typically let them through, allowing them to reach end-users directly without raising any red flags.
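A mail or proxy filter can close this gap by treating a shared chat as user-generated content rather than trusting its domain. The sketch below is an added example, not taken from the report; the `/share/` path convention, the host lists and the verdict names are assumptions, and the sample message is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: public shared chats live under a /share/ path on these hosts.
SHARE_HOSTS = {"chatgpt.com", "chat.openai.com", "claude.ai"}
# Hypothetical reputation allow-list of the kind the article says lets links through.
TRUSTED_DOMAINS = {"chatgpt.com", "openai.com", "claude.ai", "anthropic.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def _host(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def domain_only_verdict(url):
    """Weak policy: allow any URL whose host falls under a trusted domain."""
    host = _host(url)
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    return "allow" if trusted else "scan"


def path_aware_verdict(url):
    """Stricter policy: a shared chat is third-party content, so hold it for review."""
    host = _host(url)
    if host.startswith("www."):
        host = host[4:]
    if host in SHARE_HOSTS and urlsplit(url).path.lower().startswith("/share/"):
        return "review"
    return domain_only_verdict(url)


def triage(message_body):
    """Return (url, weak_verdict, strict_verdict) for each URL in the body."""
    return [(u, domain_only_verdict(u), path_aware_verdict(u))
            for u in URL_RE.findall(message_body)]


# Constructed sample message; the link IDs are made up.
SAMPLE = (
    "Hi, the fix for the installer error is in this chat: "
    "https://chatgpt.com/share/00000000-0000-0000-0000-000000000000 "
    "and the docs are at https://platform.openai.com/docs "
    "(alt: https://claude.ai/share/11111111-1111-1111-1111-111111111111)."
)
```

Calling `triage(SAMPLE)` shows both shared-chat links passing the domain-only policy but being held by the path-aware one, while the ordinary documentation link is allowed by both.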
Why This Matters
For the tech community and developers in Vietnam, this behavioral vulnerability poses a massive cybersecurity challenge. Sharing prompts, source code, and sample AI chats for study and work purposes has become extremely common across various community groups.
Users tend to lower their guard when they see links starting with the official domains of OpenAI or Anthropic. However, the emergence of this attack method forces us to change our security habits: absolutely do not download or execute any files or source code recommended in public shared-chat links without thorough verification.