Malware, Phishing, Threat Intelligence

New AMOS infostealer campaign taps ChatGPT, Grok guide ads

Malicious Google Search ads redirecting to ChatGPT and Grok guides have been harnessed to distribute the Atomic macOS Stealer, or AMOS, malware as part of a ClickFix attack campaign, BleepingComputer reports.

Intrusions commence with searches for macOS-related problem-solving or maintenance questions that yield a Google ad link redirecting to ChatGPT and Grok conversations on the legitimate platforms that lure users into running commands in macOS Terminal, according to Huntress researchers, who expounded on the attack campaign discovered by Kaspersky analysts.

Inputting credentials into the bogus password prompt dialog triggers privileged command execution for eventual AMOS infostealer execution.

"During our investigation, the Huntress team reproduced these poisoned results across multiple variations of the same question, 'how to clear data on iMac,' 'clear system data on iMac,' 'free up storage on Mac,' confirming this isn't an isolated result but a deliberate, widespread poisoning campaign targeting common troubleshooting queries," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds