Malicious Google Search ads redirecting to ChatGPT and Grok guides have been harnessed to distribute the Atomic macOS Stealer, or AMOS, malware as part of a ClickFix attack campaign, BleepingComputer reports.Intrusions commence with searches for macOS-related problem-solving or maintenance questions that yield a Google ad link redirecting to ChatGPT and Grok conversations on the legitimate platforms that lure users into running commands in macOS Terminal, according to Huntress researchers, who expounded on the attack campaign discovered by Kaspersky analysts.Inputting credentials into the bogus password prompt dialog triggers privileged command execution for eventual AMOS infostealer execution."During our investigation, the Huntress team reproduced these poisoned results across multiple variations of the same question, 'how to clear data on iMac,' 'clear system data on iMac,' 'free up storage on Mac,' confirming this isn't an isolated result but a deliberate, widespread poisoning campaign targeting common troubleshooting queries," said researchers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




