That 'ChatGPT' App You Just Downloaded Might Be Malware: How Fake AI Apps Steal Your Data

Fake ChatGPT, Sora and DeepSeek apps, websites and browser add-ons are spreading data-stealing malware. How to tell a real AI tool from a malicious copy.
You hear about a new AI tool — ChatGPT, Claude, Gemini, Sora, DeepSeek — and you want to try it now. You type “ChatGPT download” into a search engine and click the first result. That single, ordinary habit is exactly what a growing class of criminals is counting on. AI apps launch and change so fast that millions of people go looking for them without knowing the real web address — and that confusion has become one of 2026’s most reliable malware delivery routes.
- Criminals clone AI download pages, buy search ads, and build fake “AI assistant” browser extensions.
- The payload is usually an infostealer — it quietly lifts your passwords, cookies, messaging sessions and crypto wallets.
- The tools are real; the danger is in how you reach them.
- The fix costs seconds: go to the official site directly, never via a search ad.
1. The fake download sites
In May 2026, researchers at Malwarebytes found a fake website that copied OpenAI’s ChatGPT download page almost pixel-for-pixel and offered what looked like official desktop apps for Windows and Mac. What you actually got depended on your device. Windows visitors received a credential-stealing malware loader. Mac users were served Odyssey Stealer — a strain of the well-known Atomic Stealer family — which quietly harvests browser passwords, cookies, messaging-app sessions and cryptocurrency wallets. Everything looked legitimate right up to the moment it wasn’t.
2. The malicious browser extensions
Your browser is the other favourite hiding place. Two Chrome extensions posing as AI assistants — with names referencing ChatGPT, Claude and DeepSeek — were caught secretly copying users’ entire AI conversations. Between them they had been installed more than 900,000 times. They asked permission to collect “anonymous analytics” while in fact exfiltrating the full content of people’s chats. It is worth pausing on what that means: an AI helper with permission to read everything on every page can also steal everything on every page.
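The permission problem described above can be checked mechanically. The Python sketch below is an added example, not code from the researchers or vendors named in this article: it reads an extension's manifest.json and flags the host patterns that give an extension access to every page you visit. The two sample manifests and the shortlist of sensitive APIs are constructed for illustration.

```python
import json

# Host patterns that grant access to every website the user visits.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions useful for lifting sessions or page content (illustrative shortlist).
SENSITIVE_APIS = {"cookies", "webRequest", "history", "tabs", "scripting", "debugger"}


def _strings(value):
    """Keep only string entries; some manifests hold objects in these lists."""
    return {v for v in (value or []) if isinstance(v, str)}


def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    findings = set()
    perms = _strings(manifest.get("permissions"))
    # Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
    if (_strings(manifest.get("host_permissions")) | perms) & ALL_SITES:
        findings.add("host access to all sites")
    # Optional grants can be requested after install, once the tool is trusted.
    optional = _strings(manifest.get("optional_host_permissions"))
    optional |= _strings(manifest.get("optional_permissions"))
    if optional & ALL_SITES:
        findings.add("can request all-site access later")
    # A content script matching every URL can read any page, chat transcripts included.
    for script in manifest.get("content_scripts", []):
        if _strings(script.get("matches")) & ALL_SITES:
            findings.add("content script injected on all sites")
    findings.update(f"sensitive API: {api}" for api in SENSITIVE_APIS & perms)
    return sorted(findings)


# Constructed sample manifests (not taken from any real extension).
BROAD = json.loads("""{
  "manifest_version": 3, "name": "AI Sidebar Helper (constructed)",
  "permissions": ["storage", "tabs", "scripting"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["collect.js"]}]
}""")
NARROW = json.loads("""{
  "manifest_version": 3, "name": "Single-site helper (constructed)",
  "permissions": ["storage"],
  "host_permissions": ["https://assistant.example/*"]
}""")

if __name__ == "__main__":
    for m in (BROAD, NARROW):
        print(m["name"], "->", audit_manifest(m) or "no broad access")
```

A clean result only means the extension did not ask for all-site access; it says nothing about what the extension does on the sites it can reach.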
3. When the real platform is the trap
The cleverest campaigns abuse the genuine services. In a scheme disclosed in late May 2026 and named LLMShare, attackers used ChatGPT’s own sharing feature to host fake “outage” and “error” pages on the real chatgpt.com domain, then bought Google search ads to drive victims to them. Because the malicious page lived on a trusted domain, it sailed past many corporate web filters before delivering an infostealer or a remote-access trojan. When the bait is hosted on the genuine brand’s own address, even careful users can be fooled.
Why this works on smart people
None of these tricks rely on the victim being careless — they rely on speed and trust. The AI space moves so fast that “I’ve never heard of this exact URL” feels normal, not suspicious. Sponsored search results look authoritative. Fake outage pages manufacture urgency. The attacker’s whole job is to make you act in the two seconds before you’d otherwise stop and check.
How to download AI tools safely
- Go to the official source directly. Type the company’s real address yourself, or use the official app-store listing. Don’t search “[tool] download” and click the top result — that’s often a paid ad bought by a scammer.
- Be suspicious of desktop apps for web tools. Many AI tools run entirely in your browser and need no installer at all. A pushy “official app” download is a red flag.
- Scrutinise browser extensions. Check the developer, the reviews, and the permissions. “Read and change all your data on all websites” is a lot to hand an unknown AI helper.
- Distrust urgency and ads. Fake outage pages, limited-time offers and sponsored links all exist to make you move before you think.
- Keep security software on. A current anti-malware tool catches many of these stealers before they run.
Frequently asked questions
What is an “infostealer”?
Malware designed not to lock or damage your device but to silently copy valuable data — saved passwords, browser cookies and login sessions, messaging-app tokens, and crypto wallets — and send it to the attacker.
Aren’t app stores and the Chrome store safe?
Safer, but not perfect — the 900,000-install extensions were in the official store. Always check the developer, reviews and permissions even there.
I think I downloaded a fake one. What now?
Disconnect from the internet, run a full anti-malware scan, then — from a clean device — change passwords for your important accounts (email and bank first) and revoke active sessions.
The takeaway
The tools are real and genuinely useful. The danger lives entirely in the path you take to reach them. A few seconds spent confirming you are on the authentic site — not a look-alike, not an ad — is the cheapest security upgrade you will ever make.