Back to Intelligence

ChatGPT Shared Content Abuse: Detecting Malicious chatgpt.com/s Campaigns

SA
Security Arsenal Team
June 1, 2026
6 min read

Security researchers at Push Security have identified an active social engineering campaign where threat actors are abusing the "Shared Content" feature of OpenAI's ChatGPT. By uploading malicious payloads and generating public sharing links hosted on the legitimate chatgpt.com/s/ domain, attackers are effectively bypassing email security gateways and URL filtering solutions that whitelist the OpenAI ecosystem.

The trust users place in the chatgpt.com domain makes this vector particularly insidious. Unlike traditional phishing campaigns utilizing typosquatting or newly registered domains, these attacks originate from a verified, high-reputation domain. This creates a significant blind spot for perimeter defenses, allowing malware delivery mechanisms—often executables or malicious archives masquerading as documents—to reach the endpoint undetected.

Defenders must treat this as a high-priority threat. While no software vulnerability is being exploited, the vulnerability lies in human trust and the gap between reputation-based filtering and emerging abuse vectors. Immediate hunting for these specific URL patterns and user education are required to stem the infection flow.

Technical Analysis

  • Affected Products/Platforms: OpenAI ChatGPT (Web Interface). The campaign specifically targets users accessing shared links via email or messaging platforms.
  • CVE Identifiers: N/A (Abuse of legitimate feature).
  • Attack Vector: Social Engineering / Phishing (T1566.001) and Trusted Relationship (T1199).
  • Attack Chain:
    1. Preparation: Attacker uploads malicious file (e.g., malware-laden PDF or EXE) to a ChatGPT session.
    2. Generation: Attacker uses the "Share" feature to create a public link (e.g., https://chatgpt.com/s/[random-id]).
    3. Delivery: Attacker distributes the link via phishing emails or SMS, posing as a legitimate document or report (often related to business tasks to leverage the AI context).
    4. Exploitation: User clicks the link, trusting the domain. The ChatGPT interface presents the content/download. User executes the payload.
  • Exploitation Status: Confirmed active exploitation (ITW).

Detection & Response

Detecting this threat requires shifting focus from domain reputation (which will fail here) to specific URL path analysis and behavioral anomalies. Since chatgpt.com is typically whitelisted, defenders must utilize deep packet inspection (SSL inspection) or proxy logs to identify the /s/ path usage correlated with external inbound traffic.

Sigma Rules

YAML
---
title: Potential ChatGPT Phishing Link Access
id: 9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d
status: experimental
description: Detects access to the ChatGPT shared content path (/s/), which is currently being abused to deliver malware. Correlation with email logs is recommended to filter out legitimate internal sharing.
references:
  - https://www.infosecurity-magazine.com/news/attackers-shared-content-chatgpt/
author: Security Arsenal
date: 2025/04/08
tags:
  - attack.initial_access
  - attack.t1566.001
logsource:
  category: proxy
  product: null
detection:
  selection:
    cs-uri-query|contains: '/s/'
    c-uri|contains: 'chatgpt.com'
  condition: selection
falsepositives:
  - Legitimate sharing of ChatGPT conversations by employees
level: medium
---
title: Browser Process Downloading Content from ChatGPT Share
id: b1c2d3e4-5f6a-7b8c-9d0e-1f2a3b4c5d6e
status: experimental
description: Detects browser processes initiating network connections to the specific ChatGPT sharing path. This helps identify endpoints interacting with potentially weaponized links.
references:
  - https://www.infosecurity-magazine.com/news/attackers-shared-content-chatgpt/
author: Security Arsenal
date: 2025/04/08
tags:
  - attack.initial_access
  - attack.t1566.001
logsource:
  category: network_connection
  product: windows
detection:
  selection:
    Initiated: 'true'
    DestinationHostname|contains: 'chatgpt.com'
    DestinationPort: 443
  filter_path:
    DestinationUrl|contains: '/s/'
  condition: selection and filter_path
falsepositives:
  - Legitimate user usage of ChatGPT sharing features
level: low

KQL (Microsoft Sentinel / Defender)

This query hunts for proxy or network connection events indicating access to the specific shared content path.

KQL — Microsoft Sentinel / Defender
// Hunt for ChatGPT shared content access
let TimeFrame = 1d;
DeviceNetworkEvents
| where Timestamp > ago(TimeFrame)
| where RemoteUrl contains "chatgpt.com" 
| where RemoteUrl contains "/s/"
| project Timestamp, DeviceName, InitiatingProcessAccountName, RemoteUrl, RemoteIP
| extend TLD = extract(@"https?://([a-z0-9.-]+)", 1, RemoteUrl)
| where TLD contains "chatgpt.com"
| sort by Timestamp desc

Velociraptor VQL

This artifact hunts for evidence of the malicious URL pattern in the browser history of common Windows browsers.

VQL — Velociraptor
-- Hunt for ChatGPT shared links in browser history
SELECT * FROM foreach(
    glob(globs='*/Users/*/AppData/Local/Google/Chrome/User Data/*/History'),
    {
        SELECT 
            timestamp(url.last_visit_time / 1000000 - 11644473600) AS LastVisited,
            url.title AS PageTitle,
            url.url AS URL,
            path=Source
        FROM sqlite(file=Source, query="SELECT * FROM urls")
        WHERE URL =~ "chatgpt.com/s/"
    }
) UNION ALL SELECT * FROM foreach(
    glob(globs='*/Users/*/AppData/Local/Microsoft/Edge/User Data/*/History'),
    {
        SELECT 
            timestamp(url.last_visit_time / 1000000 - 11644473600) AS LastVisited,
            url.title AS PageTitle,
            url.url AS URL,
            path=Source
        FROM sqlite(file=Source, query="SELECT * FROM urls")
        WHERE URL =~ "chatgpt.com/s/"
    }
)

Remediation Script (PowerShell)

This script scans Chrome and Edge History SQLite databases on the local machine for recent access to the /s/ path to assess potential exposure. It requires Admin privileges to access user profiles.

PowerShell
<#
.SYNOPSIS
    Scans browser history for interactions with ChatGPT shared links.
.DESCRIPTION
    Identifies potential exposure to the ChatGPT social engineering campaign
    by checking Chrome and Edge history for the /s/ path.
#>

$ErrorActionPreference = "SilentlyContinue"
$Users = Get-ChildItem "C:\Users" -Directory
$Results = @()

foreach ($User in $Users) {
    $ChromePath = "$($User.FullName)\AppData\Local\Google\Chrome\User Data"
    $EdgePath = "$($User.FullName)\AppData\Local\Microsoft\Edge\User Data"
    
    # Function to search SQLite history
    function Search-History {
        param($Path, $Browser)
        $HistoryFiles = Get-ChildItem -Path $Path -Recurse -Filter "History" -File -ErrorAction SilentlyContinue
        foreach ($File in $HistoryFiles) {
            $TempCopy = "$env:TEMP\temp_history_$(Get-Random).db"
            Copy-Item $File.FullName $TempCopy
            try {
                $Query = "SELECT datetime(last_visit_time/1000000-11644473600, 'unixepoch') as VisitedTime, url, title FROM urls WHERE url LIKE '%chatgpt.com/s/%'"
                Invoke-SqliteQuery -DataSource $TempCopy -Query $Query | ForEach-Object {
                    $Results += [PSCustomObject]@{
                        User        = $User.Name
                        Browser     = $Browser
                        VisitedTime = $_.VisitedTime
                        URL         = $_.url
                        Title       = $_.title
                    }
                }
            } catch {
                # Lock handled by copy, but SQLite module dependency required. Assuming Invoke-SqliteQuery is available or PSSQLite module loaded.
            } finally {
                Remove-Item $TempCopy -Force -ErrorAction SilentlyContinue
            }
        }
    }

    if (Test-Path $ChromePath) { Search-History -Path $ChromePath -Browser "Chrome" }
    if (Test-Path $EdgePath)   { Search-History -Path $EdgePath -Browser "Edge" }
}

if ($Results) {
    Write-Host "[!] Potential Threat Detected: ChatGPT Shared Links Found" -ForegroundColor Red
    $Results | Format-Table -AutoSize
} else {
    Write-Host "[+] No ChatGPT shared links found in browser history." -ForegroundColor Green
}

Remediation

1. Network Filtering Updates:

SQL
Update your Secure Web Gateway (SWG) or proxy configurations. If your organization permits generic AI usage, create a specific rule to block or require explicit authentication for the path `chatgpt.com/s/*`. Ideally, block file downloads originating from this specific path.

2. SSL Inspection: Ensure SSL/TLS inspection is enabled for traffic to *.openai.com and *.chatgpt.com. Without decryption, perimeter defenses cannot inspect the URL path (/s/) to differentiate between standard API usage and the weaponized sharing links.

3. User Awareness Campaign: Immediately notify users that attackers are sharing malicious links via ChatGPT. Advise them to treat unexpected chatgpt.com/s/ links with the same skepticism as unknown domains, even if the sender appears internal or known.

4. Block Macros/Scripts: Since the delivery mechanism often involves documents, ensure that Office macros and scripts are blocked from the internet and running in Mark-of-the-Web (MotW) protected environments.

Related Resources

Security Arsenal Incident Response Services AlertMonitor Platform Book a SOC Assessment incident-response Intel Hub

incident-responseransomwarebreach-responseforensicsdfirsocial-engineeringphishingchatgpt

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.

Book a SOC AssessmentSee AlertMonitor in Action