Threat Actors Weaponize ChatGPT, Claude, and DeepSeek Brands

Cybercriminals are increasingly exploiting public fascination with artificial intelligence by impersonating popular AI platforms in sophisticated social engineering campaigns, according to new research from Microsoft Threat Intelligence.

The company has observed a sharp rise in attacks that fraudulently use the branding of ChatGPT, Microsoft Copilot, DeepSeek, and Anthropic's Claude as lures. These campaigns—which represent abuse of brand names rather than compromise of the actual services—deploy phishing, malvertising, and search engine optimization tactics to ultimately steal credentials, commit financial fraud, or install malware.

Why it matters

While traditional phishing lures remain effective, AI-themed attacks represent an evolution in social engineering that exploits emerging technology trends and trusted brand recognition. The involvement of initial access brokers like Storm-3075 and malware-signing services attributed to Fox Tempest demonstrates how organized cybercrime infrastructure is adapting to capitalize on AI hype. Organizations must recognize that brand impersonation now extends beyond financial institutions and delivery services to include the AI tools their employees use daily.

ChatGPT phishing harvests payment data

On May 5, 2026, Microsoft detected a ChatGPT-themed phishing operation that sent 4,500 emails primarily to targets in South Africa. The broader campaign delivered up to 100,000 emails daily to recipients in Switzerland, Austria, and South Africa across higher education and professional services sectors.

The emails impersonated ChatGPT Plus subscription notifications, warning recipients their accounts would be downgraded unless they updated payment methods within seven days. Victims who clicked the "Update payment method" button were redirected through multiple legitimate services—including a Bitrix24 CRM domain, Amazon's email tracking infrastructure, and the Rebrandly URL shortener—before landing on a compromised domain hosting the phishing kit.

The final page required users to pass a fake CAPTCHA before collecting names, addresses, and complete credit card details including verification codes.

Claude impersonation targets enterprise credentials

Between April 20 and 22, 2026, attackers impersonated Anthropic's Claude platform in a campaign targeting more than 2,000 organizations, predominantly in the United States, United Kingdom, and India. The information technology sector accounted for 56% of targets.

Emails used display names "Anthropic Teams" and "Anthropic PBC" with subject lines like "Claude Appeal Request" followed by dates. Messages claimed recipients violated acceptable use policies and needed to complete an appeal process. Attached PDFs directed users through Cloudflare verification pages before presenting fake account security warnings.

Infrastructure analysis indicated the final stage employed adversary-in-the-middle techniques designed to intercept Microsoft authentication tokens and enable account compromise.

Malvertising delivers signed infostealers

Microsoft attributes large-scale malvertising campaigns using AI themes like "Awesome AI Windows Plugin" and "Flux Pro AI" to Storm-3075, an initial access broker. On March 13, 2026, a single campaign targeted over 66,000 devices globally, with concentrations in Japan, South Africa, the United States, and France.

Users visiting free movie streaming sites encountered popups advertising fictitious AI video plugins. Downloaded executables were code-signed through a malware-signing-as-a-service operation attributed to Fox Tempest, which Microsoft's Digital Crimes Unit disrupted in May 2026 after revoking over one thousand fraudulent certificates.

The malware required users to click a "Continue" button before executing—a technique designed to evade automated sandbox analysis. The payload chain ultimately delivered Vidar infostealer, though Microsoft has also observed Lumma Stealer, Hijack Loader, and Oyster distributed through similar campaigns.

Fake DeepSeek repositories on GitHub

In April 2026, threat actors created fraudulent GitHub organizations and repositories impersonating DeepSeek V4 within 45 minutes of the model's official preview. The repositories used stolen branding, authentic benchmark data, and SEO optimization to achieve high search engine rankings.

Archives hosted on GitHub's release infrastructure contained executables masquerading as DeepSeek installers. Microsoft observed the first victim download approximately four hours after repository creation. The attacker actively rotated payload hashes while maintaining consistent file names, generating at least three distinct versions within three days.

These details were first reported by Microsoft Security in a threat intelligence blog post. Microsoft emphasized that organizations should leverage AI-powered security capabilities to enhance detection and response across email, identity, and endpoint surfaces as threat actors continue scaling operations.