Posted in

AI Phishing Campaigns Impersonate ChatGPT, Claude, DeepSeek

by Rakesh0

Cybercriminals are increasingly exploiting the global surge in artificial intelligence adoption, launching sophisticated AI phishing attacks that impersonate platforms like ChatGPT, Claude, and DeepSeek.

These campaigns are not breaches of AI providers themselves. Instead, attackers are weaponizing trusted brand identities to trick users into revealing login credentials, payment data, and authentication tokens, creating a fast-growing threat across enterprises and developer communities.

Recent findings from Microsoft Threat Intelligence show that these campaigns are already impacting thousands of organizations worldwide, leveraging advanced social engineering tactics combined with multi-stage attack chains.

Key Details

The campaigns identified in early 2026 demonstrate a clear shift in attacker strategy—moving toward AI-themed lures due to the rapid adoption of tools like ChatGPT and Claude.

Key characteristics include:

  • Use of trusted AI branding to increase click-through rates
  • Multi-stage redirection chains using legitimate platforms
  • Targeting both individual users and enterprise environments
  • Credential theft combined with malware delivery (Vidar infostealer)

Scale and targeting vary across campaigns:

  • ChatGPT phishing campaign (May 5, 2026)
    • Sent ~4,500 emails
    • Targeted users in South Africa
  • Claude phishing campaign (April 20–22, 2026)
    • Impacted over 2,000 organizations globally
  • DeepSeek-themed malware campaigns
    • Launched within minutes of product announcements

This speed highlights how quickly threat actors exploit trending technologies.

Technical Analysis

ChatGPT-Themed Phishing Campaign

Attackers sent emails warning users that their ChatGPT Plus subscriptions would be downgraded unless payment details were updated.

The attack chain involved:

  1. Phishing email with ChatGPT branding
  2. Redirects through trusted services (CRM tools, Amazon domains, URL shorteners)
  3. Final delivery to a compromised website hosting a fake payment page

The phishing page included:

  • Fake CAPTCHA to evade automated detection
  • Multi-step forms collecting personal and financial data
  • Full credit card harvesting

This layered redirection technique helps evade detection tools by leveraging trusted infrastructure at intermediate stages.

Claude Phishing Campaign and AiTM Attack

The Claude campaign introduced a more advanced Adversary-in-the-Middle (AiTM) phishing technique.

  • Victims received a PDF titled:
    “Fill and Sign Claude Appeal Form.pdf”
  • The document linked to an attacker-controlled site
  • Users were redirected through verification screens
  • Final destination: a fake Microsoft login page

This allowed attackers to capture:

  • Credentials
  • Session cookies
  • Authentication tokens

Such attacks enable session hijacking, even bypassing MFA in some cases.

DeepSeek Malvertising and Malware Delivery

Following the announcement of DeepSeek’s V4 model, attackers rapidly launched a fake GitHub organization with:

  • Stolen branding
  • Real benchmark data
  • Search engine optimization to attract downloads

Users downloading these files unknowingly installed:

  • A loader that delivered Vidar infostealer

In parallel, a malvertising campaign linked to Storm-3075 distributed a fake “Awesome AI Windows Plugin”:

  • Hosted on streaming websites
  • Signed using fraudulent certificates tied to Fox Tempest
  • Installed a Python-based downloader fetching Vidar malware

Vidar Infostealer Capabilities

Once deployed, Vidar performs extensive data exfiltration:

  • Browser credentials and saved passwords
  • Cryptocurrency wallets
  • Session tokens and cookies
  • System configuration and user data

This aligns with credential harvesting and data exfiltration techniques (MITRE ATT&CK T1555, T1041).

Impact and Risks

Who Is Targeted

  • Individual users of AI platforms
  • Enterprise employees
  • Developers using AI tools
  • Organizations integrating AI services

Business Impact

Successful attacks can lead to:

  • Credential compromise and account takeover
  • Theft of financial data and payment information
  • Unauthorized access to enterprise systems
  • Lateral movement within networks

Why These Attacks Are Effective

  • High trust in AI platforms
  • Limited user awareness of legitimate communications
  • Use of real infrastructure to mask attack chains
  • Rapid response to trending technologies

This combination results in high success rates for social engineering campaigns.

Expert Recommendations

1. Verify AI Communications

  • Avoid clicking links in unsolicited emails
  • Access AI platforms directly via official URLs

2. Enable Strong Authentication

  • Enforce multi-factor authentication (MFA) across all accounts
  • Use hardware-based authentication where possible

3. Monitor for Phishing Indicators

  • Unexpected subscription/payment alerts
  • Suspicious PDFs or download links
  • Unusual login attempts or token usage

4. Deploy Advanced Email Security

  • Use link scanning and sandboxing tools
  • Block suspicious domains and shorteners

5. Secure Developer Environments

  • Validate downloads from official repositories only
  • Monitor for unauthorized software installations

6. Detect Malware Activity

  • Monitor for Vidar-related indicators:
    • Command-and-control domains
    • Unknown executables
    • Suspicious outbound traffic

7. Rotate Compromised Credentials

  • Immediately revoke exposed tokens
  • Rotate API keys and passwords

Industry Context

The rise of AI phishing campaigns reflects a broader evolution in cybercrime: attackers are aligning their tactics with technology adoption trends.

As AI tools become deeply embedded in workflows, they present:

  • High-value targets for credential theft
  • New vectors for social engineering
  • Opportunities for large-scale identity-based attacks

The use of malvertising, fake GitHub repositories, and LLM-themed lures signals a convergence of:

  • Supply chain attacks
  • Social engineering
  • Malware distribution

Additionally, the integration of legitimate platforms into attack chains highlights the increasing challenge of detecting modern phishing operations.

Conclusion

The abuse of ChatGPT, Claude, and DeepSeek branding marks a significant shift in phishing tactics. By exploiting trust in AI platforms, attackers are successfully deceiving users and compromising sensitive data at scale.

Organizations must adopt a proactive security posture—combining user awareness, strong authentication, and advanced detection controls—to defend against this rapidly evolving threat landscape.

FAQ SECTION

What are AI phishing attacks?

They are phishing campaigns that impersonate AI platforms like ChatGPT or Claude to trick users into revealing credentials and sensitive data.

Are ChatGPT or Claude compromised?

No, these attacks do not involve breaches of the platforms themselves; they rely on social engineering.

What malware is used in these campaigns?

The campaigns often deploy Vidar infostealer, which steals credentials, tokens, and system data.

How do attackers avoid detection?

They use multi-stage redirection through trusted services and sophisticated phishing pages with CAPTCHAs.

How can users stay safe?

Verify links, enable MFA, avoid downloading unknown files, and use security tools to detect phishing attempts.

Subscribe

Leave a Reply

Your email address will not be published. Required fields are marked *