Fake ChatGPT download site infects Windows and Mac users with malware


A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information.

The site, openew[.]app, closely mimics OpenAI’s real ChatGPT download experience and offers what appear to be official desktop apps for both Windows and macOS. Instead, Windows users receive a credential-stealing malware loader, while Mac users get Odyssey Stealer, a fork of Atomic Stealer (AMOS), a well-known macOS malware family associated with cryptocurrency theft.

Read more…
Source:  Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • An unnamed US county paid $1M extortion demand to cybercriminals

    July 9, 2026

    A US county reportedly paid $1 million to Kairos, an extortion gang that claimed to have stolen more than 2 TB of data, but the county never received independently verifiable proof that the stolen files had been deleted – just the criminals’ promise. This means the county’s stolen files may turn up for sale on a ...

  • 6.9 million driver’s license numbers stolen from AssuranceAmerica

    July 9, 2026

    Insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of up to 6.9 million people. AssuranceAmerica provides car and rental insurance to customers across 14 US states through a network of over 9,500 independent agents. The breach notice letter also mentions information about customers’ auto insurance policies and accounts, their drivers and ...

  • AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data

    July 3, 2026

    AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing. The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals. The attack targeted an ...

  • FBI: Cyber Criminal Group TeamPCP

    July 2, 2026

    The Federal Bureau of Investigation (FBI) is releasing this FLASH to highlight the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the cyber criminal group TeamPCP. TeamPCP actors have conducted large-scale software supply chain compromises by targeting widely used developers and security tools, gaining access to victim environments and extracting sensitive ...

  • Politician who investigated spyware abuses had his phone hacked with Pegasus spyware

    July 2, 2026

    Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reignited fresh controversy over governments abusing spyware to collect information about their critics. The researchers at the University of Toronto’s digital rights unit The Citizen ...

  • ToddyCat: your hidden email assistant. Part 2

    June 30, 2026

    Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting ...