VYPR
breach · Published May 28, 2026 · 1 source

Fake ChatGPT Download Site Distributes Cross-Platform Malware to Windows and macOS Users

A convincing fake ChatGPT download site, openew[.]app, is serving a PowerShell-based loader to Windows users and Atomic Stealer (AMOS) to macOS users, targeting passwords, cryptocurrency wallets, and browser data.

A convincing fake website impersonating OpenAI's ChatGPT download page is actively infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information. The site, openew[.]app, closely mimics OpenAI's real ChatGPT download experience and offers what appear to be official desktop apps for both Windows and macOS. Instead, Windows users receive a credential-stealing malware loader, while Mac users get Atomic Stealer (AMOS), a well-known macOS malware family associated with cryptocurrency theft.

The dual-platform setup is what makes the operation notable. Clicking the Windows download delivers a fake installer that opens a back channel to an attacker-controlled server. Clicking the macOS button delivers malware that steals browser passwords, cookies, Telegram sessions, cryptocurrency wallets, and other sensitive files. It also attempts to replace legitimate Ledger and Trezor wallet apps with trojanized versions.

The Windows malware, Chat_GPT.exe, is built almost entirely from off-the-shelf parts. The installer uses Inno Setup, a free open-source toolkit used by thousands of legitimate Windows products. Inside is an Electron application skeleton bundled with standard support libraries. When the victim runs the installer, it creates files under %APPDATA%\LeronApplication, launches EApp.exe, and spawns PowerShell with the flags -ExecutionPolicy Unrestricted -Command -. The trailing dash tells PowerShell to read its commands from standard input, so the script body is piped in by EApp.exe rather than written to disk as a .ps1 file where file-based scanners would see it. It is not invisible, though: script block logging and AMSI still see the commands as PowerShell compiles them, and the process tree itself (an Electron binary under %APPDATA% as the parent of powershell.exe) is a strong detection signal. Behavioral telemetry recorded HTTP traffic to 188.137.246.189 using a /laravel.php endpoint, alongside injection-like activity and service/autorun persistence signals.

The macOS payload is Atomic Stealer (AMOS), a malware-as-a-service platform documented since 2023. The sandboxed sample matches well-known AMOS behavior patterns: a long AppleScript chain passed to osascript, the macOS scripting engine; a silent password validation attempt using the macOS directory-service command line (dscl); and, if that silent check fails, a fake macOS-style prompt reading "Please enter device password to continue," complete with the familiar lock icon. Whatever the user types is checked with the same command; once a value passes, the malware holds the user's login password in cleartext.

From there, it follows a familiar AMOS playbook. It copies the macOS keychain, harvests cookies and saved logins from 12 Chromium-based browsers plus Firefox and Waterfox, and extracts Telegram session data. It also scans 16 cryptocurrency wallet directories, including Ledger Live, Trezor Suite, Exodus, Electrum, and Sparrow. Finally, it searches Desktop and Documents folders for files with extensions like .wallet, .seed, .key, and .kdbx. The collected data is compressed into a temporary archive and sent to a hardcoded server.
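The Windows loader's process pattern (powershell.exe fed a script on stdin, spawned by an Electron binary under %APPDATA%, followed by the /laravel.php beacon) and the AMOS password-theft pair (the fake prompt and the directory-service check) are all visible in endpoint process and network telemetry. The following is an added example, not code from the article or from any vendor product: a small Python detector run over constructed sample events. The event shape, the rule names, and the exact osascript and dscl command lines are assumptions; the IP, URI, folder, and flag values come from the article.

```python
import re
from dataclasses import dataclass


@dataclass
class Event:
    """One normalized telemetry record (assumed shape; map your EDR's fields onto it)."""
    host: str
    kind: str            # "process" or "http"
    image: str = ""
    cmdline: str = ""
    parent: str = ""
    dst_ip: str = ""
    uri: str = ""


# Constructed sample telemetry (not real sandbox output), modeled on the behaviours the article reports.
# The dscl and osascript command lines are assumptions about how AMOS invokes those tools.
SAMPLE = [
    Event("win-01", "process",
          image=r"C:\Users\ann\AppData\Roaming\LeronApplication\EApp.exe",
          cmdline=r'"C:\Users\ann\AppData\Roaming\LeronApplication\EApp.exe"',
          parent=r"C:\Users\ann\Downloads\Chat_GPT.exe"),
    Event("win-01", "process",
          image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          cmdline="powershell.exe -ExecutionPolicy Unrestricted -Command -",
          parent=r"C:\Users\ann\AppData\Roaming\LeronApplication\EApp.exe"),
    Event("win-01", "http", dst_ip="188.137.246.189", uri="/laravel.php"),
    # benign admin script for contrast: file-based, not stdin, parent not under %APPDATA%
    Event("win-02", "process",
          image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          cmdline=r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
          parent=r"C:\Windows\System32\svchost.exe"),
    Event("mac-01", "process", image="/usr/bin/osascript",
          cmdline='osascript -e display dialog "Please enter device password to continue" '
                  'default answer "" with hidden answer with icon stop',
          parent="/bin/bash"),
    Event("mac-01", "process", image="/usr/bin/dscl",
          cmdline="dscl /Local/Default -authonly ann <redacted>",
          parent="/bin/bash"),
]

PS_STDIN = re.compile(r"-(?:command|c)\s+-\s*$", re.I)      # "-Command -": script arrives on stdin
PS_LAX_POLICY = re.compile(r"-(?:executionpolicy|ep)\s+(?:unrestricted|bypass)", re.I)
APPDATA_PARENT = re.compile(r"\\AppData\\(?:Roaming|Local)\\", re.I)
FAKE_PROMPT = re.compile(r"display dialog .*password.*with hidden answer", re.I)
C2_ENDPOINTS = {("188.137.246.189", "/laravel.php")}       # IOC from the article


def detect(events):
    """Return (host, rule, severity) triples for events matching the campaign's behaviours."""
    hits = []
    for e in events:
        image = e.image.lower()
        if e.kind == "http" and (e.dst_ip, e.uri) in C2_ENDPOINTS:
            hits.append((e.host, "c2_beacon", "high"))
        elif e.kind != "process":
            continue
        elif image.endswith("powershell.exe") and PS_STDIN.search(e.cmdline):
            # stdin-fed script plus a loosened policy from a parent under %APPDATA% is the loader's shape
            sev = "high" if APPDATA_PARENT.search(e.parent) and PS_LAX_POLICY.search(e.cmdline) else "medium"
            hits.append((e.host, "powershell_stdin_script", sev))
        elif image.endswith("osascript") and FAKE_PROMPT.search(e.cmdline):
            hits.append((e.host, "amos_fake_password_prompt", "high"))
        elif image.endswith("dscl") and "-authonly" in e.cmdline:
            # legitimate admin use exists, so this alone is only medium; see escalate()
            hits.append((e.host, "dscl_authonly", "medium"))
    return hits


def escalate(hits):
    """Hosts where the fake prompt and a dscl -authonly check both fired: the AMOS password-theft pair."""
    by_host = {}
    for host, rule, _ in hits:
        by_host.setdefault(host, set()).add(rule)
    return sorted(h for h, rules in by_host.items()
                  if {"amos_fake_password_prompt", "dscl_authonly"} <= rules)


if __name__ == "__main__":
    found = detect(SAMPLE)
    for hit in found:
        print(hit)
    print("password-theft pair on:", escalate(found))
```

The stdin rule deliberately ignores the execution policy on its own: `-ExecutionPolicy Bypass` with `-File` is everyday admin tooling, so the sample's win-02 event produces nothing, while `-Command -` from a parent under %APPDATA% is rated high. The dscl rule is kept at medium and only becomes a confident AMOS call when the same host also showed the fake prompt.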

One particularly dangerous feature is the wallet replacement capability. After the initial data theft, the script downloads trojanized versions of Ledger Live, Ledger Wallet, and Trezor Suite from a second server, then tries to delete the legitimate bundles and put the attacker's versions in their place. If the user's password was captured earlier, the script uses sudo to force the replacement. If not, it falls back to a plain rm -rf, which still succeeds when the bundle and the directory containing it are writable by the logged-in user, the normal state for apps an admin user dragged into /Applications. The next time the victim opens what looks like their wallet software, they may be launching the attacker's build instead.
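Because the fallback depends on whether the wallet bundles are user-writable, a macOS user or responder can check that directly and, on a Mac, confirm the bundles are still signed by the developer they expect. The script below is an added example, not part of the article or of Ledger's or Trezor's tooling; the bundle paths assume a default /Applications install, the expected Team ID is supplied by the operator rather than hardcoded, and the demo bundle is a constructed unsigned stand-in so the audit can be exercised off a Mac.

```python
import os
import re
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Optional

# Bundles the article says the script tries to swap. Paths assume the default /Applications
# install location (an assumption: add ~/Applications or wherever the user keeps them).
WALLET_APPS = [
    "/Applications/Ledger Live.app",
    "/Applications/Ledger Wallet.app",
    "/Applications/Trezor Suite.app",
]

TEAM_RE = re.compile(r"^TeamIdentifier=(\S+)", re.M)


def codesign_status(app: str):
    """(verify_ok, team_id) from Apple's codesign tool; (None, None) where it is not installed."""
    if shutil.which("codesign") is None:
        return None, None
    verify = subprocess.run(["codesign", "--verify", "--deep", "--strict", app],
                            capture_output=True, text=True)
    info = subprocess.run(["codesign", "-dv", "--verbose=4", app],
                          capture_output=True, text=True)
    match = TEAM_RE.search(info.stderr)          # codesign writes the signing details to stderr
    return verify.returncode == 0, (match.group(1) if match else None)


def audit_app(app: str, expected_team_id: Optional[str] = None) -> dict:
    """Can this bundle be deleted and replaced without the user's password, and is it
    still signed by the developer the operator expects?"""
    p = Path(app)
    result = {"app": app, "present": p.exists()}
    if not result["present"]:
        return result
    # An unprivileged `rm -rf` needs write access to the bundle tree and to its parent directory;
    # both hold for apps an admin user dragged into /Applications, which is what the fallback relies on.
    result["replaceable_without_password"] = os.access(p, os.W_OK) and os.access(p.parent, os.W_OK)
    result["owner_uid"] = p.stat().st_uid
    verify_ok, team = codesign_status(app)
    result["codesign_ok"] = verify_ok
    result["team_id"] = team
    # expected_team_id comes from the operator (read it off a known-good install); not hardcoded here.
    result["team_id_matches"] = (None if expected_team_id is None or team is None
                                 else team == expected_team_id)
    return result


def audit_all(apps=WALLET_APPS, expected: Optional[dict] = None):
    """Audit every listed bundle; `expected` maps bundle path -> Team ID recorded from a clean install."""
    expected = expected or {}
    return [audit_app(a, expected.get(a)) for a in apps]


def demo_fake_bundle() -> str:
    """Constructed, unsigned bundle in a temp dir so the audit can be exercised off a Mac."""
    root = tempfile.mkdtemp(prefix="wallet-audit-")
    bundle = os.path.join(root, "Ledger Live.app")
    os.makedirs(os.path.join(bundle, "Contents", "MacOS"))
    return bundle


if __name__ == "__main__":
    for r in audit_all():
        print(r)
    print(audit_app(demo_fake_bundle()))
```

`codesign --verify --deep --strict` exits nonzero on an unsigned or tampered bundle, and the TeamIdentifier line from `codesign -dv --verbose=4` is the value to compare against one recorded from a known-good install. A wallet app that is present, replaceable without a password, and no longer verifies or carries a different Team ID is exactly the swap the article describes.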

The domain openew[.]app uses a dark theme, OpenAI-style branding, familiar marketing copy, and prominent download buttons. The .app top-level domain is operated by Google and is on the HSTS preload list, so browsers will only load it over HTTPS and show the usual padlock with no certificate warning; the padlock confirms an encrypted connection to openew[.]app, not that the site has anything to do with OpenAI. Users are advised to download ChatGPT only from OpenAI's official download page or the Microsoft Store, and to treat any ChatGPT installer that asks for the device password as malicious.

Synthesized by Vypr AI