TempMail Ninja

ChatGPT Malware Targets Windows and Mac Users via Fake Download Site


If you or someone in your organization has visited openew[.]app, downloaded any files, or interacted with the spoofed installers, you must assume the system is fully compromised. Because info-stealing malware exfiltrates stolen data almost instantaneously upon execution, traditional security scans are insufficient for recovery. You must immediately execute the following incident response steps from a secondary, entirely uncompromised device:

  1. Trigger Global Session Revocation: Log into your most critical online accounts—including financial institutions, primary email suites, cloud storage (Google Drive, OneDrive), developer environments (GitHub), and communications platforms (Slack, Discord, Telegram)—and select the option to “Sign out of all other sessions” or “Revoke all active logins”. This renders any stolen session cookies useless to the attackers.
  2. Rotate Stored Passwords and Cryptographic Keys: Systematically change every password that was stored in the compromised system’s browsers or keychains. Prioritize primary email accounts, as these can be used by attackers to perform password resets across other services. Additionally, rotate all API keys, SSH keys, cloud credentials, and developer tokens that were stored on the affected machine.
  3. Secure and Migrate Cryptocurrency Assets: If you utilize software or hardware
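
For the developer credentials named in step 2, the following added example (not part of the original article) builds a rotation checklist from a copy or backup of the affected user's home directory, listing well-known credential files without printing their contents. The file list and function names are assumptions chosen for illustration and cover default tool locations only; passwords saved in browsers and keychains still have to be rotated separately.

```python
"""Build a rotation checklist from a copy of the affected user's home directory."""
import sys
from pathlib import Path

# Assumed list: default locations of common developer credentials, relative to
# the home directory, paired with what must be rotated at the issuing service.
KNOWN_FILES = {
    ".aws/credentials": "AWS access keys",
    ".kube/config": "Kubernetes cluster credentials",
    ".docker/config.json": "container registry logins",
    ".npmrc": "npm auth tokens",
    ".pypirc": "PyPI tokens",
    ".netrc": "passwords for the hosts listed in .netrc",
    ".git-credentials": "Git HTTPS passwords and personal access tokens",
    ".config/gh/hosts.yml": "GitHub CLI OAuth token",
}


def is_private_key(path: Path) -> bool:
    """True if the file starts with a PEM/OpenSSH private-key header."""
    try:
        with path.open("rb") as fh:
            first = fh.readline(128)
    except OSError:
        return False
    return first.startswith(b"-----BEGIN") and b"PRIVATE KEY" in first


def rotation_checklist(home: Path) -> list[tuple[str, str]]:
    """Return (relative path, what to rotate) pairs; contents are never output."""
    found = [(rel, what) for rel, what in KNOWN_FILES.items()
             if (home / rel).is_file()]
    ssh_dir = home / ".ssh"
    if ssh_dir.is_dir():
        # Private keys can have any file name, so detect them by header;
        # this also skips .pub files, known_hosts and config.
        for key in sorted(ssh_dir.iterdir()):
            if key.is_file() and is_private_key(key):
                found.append((key.relative_to(home).as_posix(),
                              "SSH key pair (remove the old public key "
                              "everywhere it is authorized)"))
    return found


if __name__ == "__main__":
    # Pass the path of the copied home directory; defaults to the current user.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home()
    for rel, what in rotation_checklist(root):
        print(f"[ ] {rel}: rotate {what}")
```

Every item on the checklist is rotated at the service that issued it; deleting the local file alone does not invalidate a stolen copy.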

Written by

TempMail Ninja

Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.