{“lastseen”:”2025-12-12T16:05:07″,”description”:”Researchers have found evidence that AI conversations were inserted in Google search results to mislead macOS users into installing the Atomic macOS Stealer (AMOS). Both Grok and ChatGPT were found to have been abused in these attacks.\\n\\nForensic investigation of an AMOS alert showed the infection chain started when the user ran a Google search for \\”clear disk space on macOS.\\” Following that trail, the researchers found not one, but two poisoned AI conversations with instructions. Their testing showed that similar searches produced the same type of results, indicating this was a deliberate attempt to infect Mac users.\\n\\nThe search results led to AI conversations which provided clearly laid out instructions to run a command in the macOS Terminal. That command would end with the machine being infected with the AMOS malware.\\n\\nIf that sounds familiar, you may have read our post about sponsored search results that led to fake macOS software on GitHub. In that campaign, sponsored ads and SEO-poisoned search results pointed users to GitHub pages impersonating legitimate macOS software, where attackers provided step-by-step instructions that ultimately installed the AMOS infostealer.\\n\\nAs the researchers pointed out:\\n\\n\\u003e \u201cOnce the victim executed the command, a multi-stage infection chain began. The base64-encoded string in the Terminal command decoded to a URL hosting a malicious bash script, the first stage of an AMOS deployment designed to harvest credentials, escalate privileges, and establish persistence without ever triggering a security warning.\u201d\\n\\nThis is dangerous for the user on many levels. Because there is no prompt or review, the user does not get a chance to see or assess what the downloaded script will do before it runs. It bypasses security because of the use of the command line, it can bypass normal file download protections and execute anything the attacker wants.\\n\\nOther researchers have found a campaign that combines elements of both attacks: the shared AI conversation and fake software install instructions. They found user guides for installing OpenAI\u2019s new Atlas browser for macOS through shared ChatGPT conversations, which in reality led to AMOS infections.\\n\\n## So how does this work?\\n\\nThe cybercriminals used prompt engineering to get ChatGPT to generate a step\u2011by\u2011step \u201cinstallation\/cleanup\u201d guide which in reality will infect a system. ChatGPT\u2019s sharing feature creates a public link to a single conversation that exists in the owner\u2019s account. Attackers can craft a chat to produce the instructions they need and then tidy up the visible conversation so that what\u2019s shared looks like a short, clean guide rather than a long back-and-forth.\\n\\nMost major chat interfaces (including Grok on X) also let users delete conversations or selectively share screenshots. That makes it easy for criminals to present only the polished, \u201chelpful\u201d part of a conversation and hide how they arrived there.\\n\\nThe cybercriminals used prompt engineering to get ChatGPT to generate a step\u2011by\u2011step \u201cinstallation\/cleanup\u201d guide that, in reality, installs malware. ChatGPT\u2019s sharing feature creates a public link to a conversation that lives in the owner\u2019s account. Attackers can curate their conversations to create a short, clean conversation which they can share.\\n\\nThen the criminals either pay for a sponsored search result pointing to the shared conversation or they use SEO techniques to get their posts high in the search results. Sponsored search results can be customized to look a lot like legitimate results. You\u2019ll need to check who the advertiser is to find out it\u2019s not real.\\n\\nImage courtesy of Kaspersky\\n\\nFrom there, it\u2019s a waiting game for the criminals. They rely on victims to find these AI conversations through search and then faithfully follow the step-by-step instructions.\\n\\n## How to stay safe\\n\\nThese attacks are clever and use legitimate platforms to reach their targets. But there are some precautions you can take.\\n\\n * First and foremost, and I can\u2019t say this often enough: **Don\u2019t click on sponsored search results.** We have seen so many cases where sponsored results lead to malware, that we recommend skipping them or make sure you never see them. At best they cost the company you looked for money and at worst you fall prey to imposters.\\n * If you’re thinking about following a sponsored advertisement, check the advertiser first. Is it the company you’d expect to pay for that ad? Click the three\u2011dot menu next to the ad, then choose options like \u201cAbout this ad\u201d or \u201cAbout this advertiser\u201d to view the verified advertiser name and location.\\n * Use real-time anti-malware protection, preferably one that includes a web protection component.\\n * Never run copy-pasted commands from random pages or forums, even if they’re hosted on seemingly legitimate domains, and especially not commands that look like `curl \u2026 | bash` or similar combinations.\\n\\n\\n\\nIf you’ve scanned your Mac and found the AMOS information stealer:\\n\\n * Remove any suspicious login items, LaunchAgents, or LaunchDaemons from the Library folders to ensure the malware does not persist after reboot.\\n * If any signs of persistent backdoor or unusual activity remain, strongly consider a **full clean reinstall of macOS** to ensure all malware components are eradicated. Only restore files from known clean backups. Do not reuse backups or Time Machine images that may be tainted by the infostealer.\\n * After reinstalling, check for additional rogue browser extensions, cryptowallet apps, and system modifications.\\n * Change all the passwords that were stored on the affected system and enable multi-factor authentication (MFA) for your important accounts.\\n\\n\\n\\nIf all this sounds too difficult for you to do yourself, ask someone or a company you trust to help you\u2014our support team is happy to assist you if you have any concerns.\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-12-12T14:26:03″,”modified”:”2025-12-12T14:26:03″,”type”:”malwarebytes”,”title”:”Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer”,”source”:””,”references”:””,”id”:”MALWAREBYTES:C746E924F2AE4841CCAEA87F708177B0″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/google-ads-funnel-mac-users-to-poisoned-ai-chats-that-spread-the-amos-infostealer”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-12T16:05:07″,”description”:”Researchers have found evidence that AI conversations were inserted in Google search results to mislead macOS users into installing the Atomic macOS Stealer (AMOS). Both…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-30755","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n