serisec

Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials

Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials










Cybercriminals have found a clever new trick: turning the world’s most popular AI tools into traps. By disguising phishing attacks with the branding of platforms like ChatGPT, Claude, and DeepSeek, threat actors are luring users into handing over login credentials, credit card numbers, and authentication tokens.

The surge in AI adoption has given attackers fertile ground to exploit. Millions of people now rely on AI assistants daily, and many are still learning what legitimate communications from these platforms look like.

This creates the perfect window for fraud. Attackers dress up a fake page or email to resemble a trusted AI platform, and a significant number of people click without a second thought.

Microsoft Threat Intelligence analysts identified and documented several of these campaigns that unfolded in early 2026.

Microsoft said in a report shared with Cyber Security News (CSN) that these campaigns do not represent any actual breach of the AI services themselves.

They are pure social engineering operations that borrow trusted brand names to push users into clicking a link, opening a PDF, or downloading a file.

What makes these attacks harder to stop is that attackers route victims through real, trusted services before reaching the malicious destination.

Attack chain of ChatGPT-themed lure leading to phishing kit (Source - Microsoft)
Attack chain of ChatGPT-themed lure leading to phishing kit (Source – Microsoft)

Platforms like URL shorteners, CRM tools, and GitHub are layered into the chain to avoid detection. By the time someone realizes something is wrong, their information may already be gone.

The consequences are serious, as thousands of organizations across multiple countries have been targeted, with victims losing credit card data, account access, and authentication tokens that hand attackers a direct entry point into corporate systems.

Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands

The ChatGPT-themed campaign detected on May 5, 2026 shows how this works in practice.

Attackers sent around 4,500 emails to targets in South Africa, warning that their ChatGPT Plus subscription would be downgraded unless they updated their payment method within seven days.

The emails carried the ChatGPT logo and a clickable update button that looked entirely legitimate.

That button did not send users directly to a malicious site. Victims were bounced through a CRM service, an Amazon tracking domain, and a URL shortener before landing on a compromised website where a fake payment page sat inside a subfolder.

Phishing landing page collecting name and address (Source - Microsoft)
Phishing landing page collecting name and address (Source – Microsoft)

The page showed a fake CAPTCHA to filter automated scanners, then collected personal details and full credit card information across two steps.

The Claude-themed campaign ran from April 20 to 22, 2026, reaching more than 2,000 organizations in the United States, the United Kingdom, and India.

Attack chain of Claude-themed phishing campaign leading to AiTM (Source - Microsoft)
Attack chain of Claude-themed phishing campaign leading to AiTM (Source – Microsoft)

Emails claimed the recipient’s account had violated usage policies, with a PDF named “Fill and Sign Claude Appeal Form.pdf” directing users to an attacker-controlled domain.

Attack chain for “Awesome AI Windows plugin” malvertising leading to Vidar (Source - Microsoft)
Attack chain for “Awesome AI Windows plugin” malvertising leading to Vidar (Source – Microsoft)

Victims were pushed through fake verification screens before being redirected toward what appeared to be a Microsoft sign-in page designed to steal access tokens.

Fake DeepSeek Installer and Malvertising Drop Vidar

In April 2026, attackers moved fast after DeepSeek previewed its V4 model.

Within 45 minutes, a fake GitHub organization called DeepSeek-V4 was live, loaded with stolen branding, real benchmark data, and search-optimized tags designed to rank high in both traditional and AI-assisted search results.

Users who downloaded the archives received a loader that silently installed Vidar infostealer on their devices.

A separate malvertising campaign linked to Storm-3075 pushed a fake product called “Awesome AI Windows Plugin” through free movie streaming sites.

Fake DeepSeek V4 campaign timeline and attack chain (Source - Microsoft)
Fake DeepSeek V4 campaign timeline and attack chain (Source – Microsoft)

The download was a fraudulently code-signed executable tied to Fox Tempest, a group running a malware-signing service used by multiple criminal actors.

Once users launched the file and clicked a “Continue” prompt, a Python downloader quietly fetched Vidar from an attacker-controlled server.

To reduce exposure, users and organizations should enable multi-factor authentication on all accounts and avoid clicking links or downloading files from unsolicited emails.

AI platform communications should always be verified by visiting the official website directly. Organizations should also deploy email link scanning tools and solutions that detect and block phishing pages before users ever reach the malicious content.

Indicators of Compromise (IoCs):-

Type Indicator Description
SHA-256 791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40e File hash for attachment: Fill and Sign Claude Appeal Form.pdf
URL hxxp://dash.awaydouble[.]org/0v2auth URL inside the Claude phishing PDF attachment
URL hxxps://github[.]com/shippingtechnologymovie/AI-techVideos/releases/download/13123/ProFluxeFlowAi-win-Setup.exe Fraudulent GitHub repository (taken down) hosting malware executable
SHA-256 c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8 File hash for ProFluxeFlowAi-win-Setup.exe
Signer SHA-1 4f5c5b3ef45cfff7721754487a86aeff9a2e6e32 Fraudulent code-signing certificate (Fox Tempest)
Domain brokeapt[.]com Attacker-controlled C2 domain for Python loader
Domain pan.ssffaa19[.]xyz Vidar C2 domain
Domain pan.rongtv[.]xyz Vidar C2 domain
URL hxxps://github[.]com/DeepSeek-V4/deepseek-V4/releases/download/deepseek-V4/deepseek-v4-pro_x64.7z Fraudulent DeepSeek GitHub repository (taken down)
SHA-256 0a26238f6c516de5885457c93042531aa59bc206a9537cebf5267cedc6c68531 deepseek-v4-pro_x64.7z (v1)
SHA-256 8610d4fb0ec5b525071c2aaec4df0f8fcbb3673aba58a7e1959fc44e83c0e2ca deepseek-v4-flash_x64.7z (v1)
SHA-256 99231deb373997364381d1eb513d2d42231d418c3a2db9007c5af9bd56ab9371 deepseek-v4-flash_x64.7z (v2)
SHA-256 25270cc429ada8028b5b33220ed412c47907ecceea7377d608fac5af01bed56a deepseek-v4-pro_x64.7z (v2)
SHA-256 56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23 DeepSeek-specific extracted PE (deepseek-v4-pro_x64.exe, deepseek-v4-flash_x64.exe, VectorEngine.exe)
SHA-256 5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80 Shared loader observed under multiple AI-brand lure names

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google NewsLinkedIn, and X to Get More Instant UpdatesSet CSN as a Preferred Source in Google.

The post Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials appeared first on Cyber Security News.






Tushar Subhra Dutta





Go to cyber-security-news




Posted

in

, ,

by

leeanne

Tags: