skip to main content
Caltech
Information Management Systems and Services
IMSS  /  News  /  Security Advisory: Fake ChatGPT Sites Delivering Malware

Security Advisory: Fake ChatGPT Sites Delivering Malware

June 01, 2026

Dear Caltech Community,

We are seeing an increase in malicious campaigns impersonating ChatGPT and other generative AI tools. These attacks are actively targeting users through search results, ads, and convincing fake websites. Cybercriminals are increasingly exploiting the popularity of AI tools like ChatGPT.

The safest approach is to avoid public downloads and use only Caltech-managed, enterprise AI services. Please read below for guidelines.

Recent security research shows that attackers are:

  • Creating fake ChatGPT download sites that closely mimic legitimate pages
  • Delivering malware for both Windows and macOS disguised as ChatGPT applications
  • Stealing passwords, browser data, session tokens, and cryptocurrency wallets once installed [malwarebytes.com]
  • Leveraging trusted domains and realistic "outage" messages to trick users into downloading malicious software [bleepingcomputer.com]
  • In some cases, even links hosted on legitimate-looking domains can be abused, making these attacks particularly difficult to detect. [techtimes.com]

What This Means for You

If you search for "ChatGPT download" or click on ads or unfamiliar links, you may unknowingly install malware that compromises your:

  • Caltech credentials
  • Email and collaboration accounts
  • Research data and intellectual property

Required Actions

Please follow these guidelines immediately:

  • Use only Caltech-approved GenAI services
    Access secure, enterprise-supported tools:
    https://www.imss.caltech.edu/services/ai/caltech-ai
  • Do NOT download ChatGPT or AI tools from search results or ads
    Always avoid third-party download sites.
  • Do NOT install "desktop apps" unless explicitly approved by Caltech IMSSBe cautious of prompts such as:
  • "Download the desktop app to continue"
  • "ChatGPT is unavailable — install this version"
  • Any unexpected download instructions
  • When in doubt, go directly to trusted sites (do not rely on links in ads or emails)

Why Use Caltech-Approved AI Tools?

Caltech enterprise AI offerings provide:

  • Stronger data protection and privacy controls
  • Compliance with institutional policies (FERPA, HIPAA, research security)
  • Reduced risk of credential theft or data exfiltration

Report Suspicious Activity

If you suspect you have:

  • Downloaded a suspicious file
  • Entered credentials on a questionable site
  • Encountered a suspicious AI-related link

Please report immediately to: [email protected] or https://servicenow.caltech.edu).

Thank you for helping protect Caltech's community and research.