Cybercriminals have found a clever new trick: turning the world’s most popular AI tools into traps. By disguising phishing attacks with the branding of platforms like ChatGPT, Claude, and DeepSeek, threat actors are luring users into handing over login credentials, credit card numbers, and authentication tokens.
The surge in AI adoption has given attackers fertile ground to exploit. Millions of people now rely on AI assistants daily, and many are still learning what legitimate communications from these platforms look like.
This creates the perfect window for fraud. Attackers dress up a fake page or email to resemble a trusted AI platform, and a significant number of people click without a second thought.
Microsoft Threat Intelligence analysts identified and documented several of these campaigns that unfolded in early 2026.
Microsoft said in a report shared with Cyber Security News (CSN) that these campaigns do not represent any actual breach of the AI services themselves.
They are pure social engineering operations that borrow trusted brand names to push users into clicking a link, opening a PDF, or downloading a file.
What makes these attacks harder to stop is that attackers route victims through real, trusted services before reaching the malicious destination.
Attack chain of ChatGPT-themed lure leading to phishing kit (Source – Microsoft)
Platforms like URL shorteners, CRM tools, and GitHub are layered into the chain to avoid detection. By the time someone realizes something is wrong, their information may already be gone.
The consequences are serious, as thousands of organizations across multiple countries have been targeted, with victims losing credit card data, account access, and authentication tokens that hand attackers a direct entry point into corporate systems.
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands
The ChatGPT-themed campaign detected on May 5, 2026 shows how this works in practice.
Attackers sent around 4,500 emails to targets in South Africa, warning that their ChatGPT Plus subscription would be downgraded unless they updated their payment method within seven days.
The emails carried the ChatGPT logo and a clickable update button that looked entirely legitimate.
That button did not send users directly to a malicious site. Victims were bounced through a CRM service, an Amazon tracking domain, and a URL shortener before landing on a compromised website where a fake payment page sat inside a subfolder.
Phishing landing page collecting name and address (Source – Microsoft)
The page showed a fake CAPTCHA to filter automated scanners, then collected personal details and full credit card information across two steps.
The Claude-themed campaign ran from April 20 to 22, 2026, reaching more than 2,000 organizations in the United States, the United Kingdom, and India.
Attack chain of Claude-themed phishing campaign leading to AiTM (Source – Microsoft)
Emails claimed the recipient’s account had violated usage policies, with a PDF named “Fill and Sign Claude Appeal Form.pdf” directing users to an attacker-controlled domain.
Attack chain for “Awesome AI Windows plugin” malvertising leading to Vidar (Source – Microsoft)
Victims were pushed through fake verification screens before being redirected toward what appeared to be a Microsoft sign-in page designed to steal access tokens.
Fake DeepSeek Installer and Malvertising Drop Vidar
In April 2026, attackers moved fast after DeepSeek previewed its V4 model.
Within 45 minutes, a fake GitHub organization called DeepSeek-V4 was live, loaded with stolen branding, real benchmark data, and search-optimized tags designed to rank high in both traditional and AI-assisted search results.
Users who downloaded the archives received a loader that silently installed Vidar infostealer on their devices.
A separate malvertising campaign linked to Storm-3075 pushed a fake product called “Awesome AI Windows Plugin” through free movie streaming sites.
Fake DeepSeek V4 campaign timeline and attack chain (Source – Microsoft)
The download was a fraudulently code-signed executable tied to Fox Tempest, a group running a malware-signing service used by multiple criminal actors.
Once users launched the file and clicked a “Continue” prompt, a Python downloader quietly fetched Vidar from an attacker-controlled server.
To reduce exposure, users and organizations should enable multi-factor authentication on all accounts and avoid clicking links or downloading files from unsolicited emails.
AI platform communications should always be verified by visiting the official website directly. Organizations should also deploy email link scanning tools and solutions that detect and block phishing pages before users ever reach the malicious content.
Indicators of Compromise (IoCs):-
TypeIndicatorDescriptionSHA-256791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40eFile hash for attachment: Fill and Sign Claude Appeal Form.pdfURLhxxp://dash.awaydouble[.]org/0v2authURL inside the Claude phishing PDF attachmentURLhxxps://github[.]com/shippingtechnologymovie/AI-techVideos/releases/download/13123/ProFluxeFlowAi-win-Setup.exeFraudulent GitHub repository (taken down) hosting malware executableSHA-256c7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8File hash for ProFluxeFlowAi-win-Setup.exeSigner SHA-14f5c5b3ef45cfff7721754487a86aeff9a2e6e32Fraudulent code-signing certificate (Fox Tempest)Domainbrokeapt[.]comAttacker-controlled C2 domain for Python loaderDomainpan.ssffaa19[.]xyzVidar C2 domainDomainpan.rongtv[.]xyzVidar C2 domainURLhxxps://github[.]com/DeepSeek-V4/deepseek-V4/releases/download/deepseek-V4/deepseek-v4-pro_x64.7zFraudulent DeepSeek GitHub repository (taken down)SHA-2560a26238f6c516de5885457c93042531aa59bc206a9537cebf5267cedc6c68531deepseek-v4-pro_x64.7z (v1)SHA-2568610d4fb0ec5b525071c2aaec4df0f8fcbb3673aba58a7e1959fc44e83c0e2cadeepseek-v4-flash_x64.7z (v1)SHA-25699231deb373997364381d1eb513d2d42231d418c3a2db9007c5af9bd56ab9371deepseek-v4-flash_x64.7z (v2)SHA-25625270cc429ada8028b5b33220ed412c47907ecceea7377d608fac5af01bed56adeepseek-v4-pro_x64.7z (v2)SHA-25656d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23DeepSeek-specific extracted PE (deepseek-v4-pro_x64.exe, deepseek-v4-flash_x64.exe, VectorEngine.exe)SHA-2565455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80Shared loader observed under multiple AI-brand lure names
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
The post Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials appeared first on Cyber Security News.
