Cybersecurity researchers found a thing that looks like the ChatGPT desktop app. This thing can cause problems for Windows and Mac users.
Security people at Malwarebytes found a website called openew.app. It looks a lot like the ChatGPT download page from OpenAI.
According to Malwarebytes’ research, the campaign appears to be actively targeting users who search for “ChatGPT download” or “ChatGPT for PC/Mac” on search engines.
The fake site openew.app was designed to rank in search results or appear as a sponsored ad, intercepting users before they reach OpenAI’s official page at chat.openai.com.
Malwarebytes flagged this as part of a broader pattern of cybercriminals building lookalike pages around high-traffic AI tools, a tactic that has spiked significantly since ChatGPT hit mainstream popularity in 2023.
How The Fake ChatGPT Download Works
People do not know where to get AI programs, like ChatGPT, because they are not very aware of how open.ai page looks like.
What makes this particularly dangerous is how open.app mimics OpenAI’s real download interface. The fake page reportedly uses the same ChatGPT logo, identical button styling, and similar page layout to the official site.
The URL is the only immediate way to check. OpenAI’s actual download page lives at openai.com, not openew.app. Without checking the address bar carefully, a user downloading ChatGPT for the first time would have no reason to suspect anything is wrong.
If you downloaded the fake ChatGPT, what happens next depends on your pc.
Windows users receive what appears to be a normal installer file. The Windows-specific malware functions as a Remote Access Trojan (RAT), a software that quietly installs itself, contacts attacker-controlled servers, and gives cybercriminals the ability to view files, capture screenshots, and potentially deploy additional malware at any time on your pc.
Unlike the Mac version, which focuses on stealing stored data immediately, the Windows version appears designed for persistent, ongoing access, which means attackers can return repeatedly without the user knowing.
Mac users face a different threat. The fraudulent installer reportedly delivers a malware strain known as Odyssey Stealer,
The malware targets:
- Browser passwords
- Stored cookies
- Telegram sessions
- Cryptocurrency wallet files
- Account credentials
Researchers also warn that the malware attempts to replace legitimate cryptocurrency wallet applications, including Ledger Live and Trezor Suite, with compromised versions controlled by attackers.
How To Check If Your PC Might Be Affected
If you recently downloaded ChatGPT from an unfamiliar website, there are several warning signs worth checking:
- Always download ChatGPT directly from openai.com, type it manually into your browser rather than clicking a search result or ad.
- Be especially cautious with sponsored search results. The fake site likely appears above organic results by paying for ad placement
- Check the URL before downloading anything. openew.app is not OpenAI. The only legitimate domain is openai.com
- If a download page looks slightly off, like different fonts, awkward spacing, or URLs that don’t match. Just close the tab immediately.
- Use an ad blocker. Many of these fake download pages survive entirely on paid search traffic.
If you still suspect your device may be compromised, cybersecurity experts recommend acting immediately.
What To Do If You Downloaded The Fake App
If you have somehow downloaded the fake app, you need to do some of the following things.
Step 1: Sign Out Of Important Accounts
Step 2: Change Your Passwords
Step 3: Secure Cryptocurrency Holdings
Step 4: Monitor Financial Activity
Step 5: Reinstall the Operating System
Reinstalling your operating system is a last option, not always a required step. If you have completed Steps 1 to 4 quickly after downloading the fake app and your security software has since come back clean, a full reinstall may not be necessary.
However, if suspicious activity continues, unfamiliar processes keep appearing, or your security software cannot fully remove detected threats, a clean reinstall is the most reliable way to ensure the malware is completely gone.
For Windows users, this can be done through:
Settings > System > Recovery > Reset PC
While Mac users can reinstall macOS through Recovery Mode by accessing the recovery environment and selecting Reinstall macOS.
Before performing any reset, it is important to back up essential files and documents.
Also Read: How You Could Access Notification Center In iOS 27: What The Latest Reports Reveal
