A new cyberattack campaign exploits Google search ads to direct users to malicious AI chats that install the AMOS macOS infostealer malware. This campaign uses poisoned ChatGPT and Grok conversations to trick users into executing malicious commands, leading to potential data theft and device compromise. #AMOS #Grok #ChatGPT #macOS #Infostealer
Keypoints
- The campaign abuses Google ads to lure macOS users into malware-infected AI chats.
- Malicious conversations are hosted on legitimate platforms like ChatGPT and Grok.
- Victims executing commands in terminal unknowingly download the AMOS infostealer.
- AMOS targets cryptocurrency wallets, browser data, and macOS Keychain information.
- The malware includes persistence mechanisms and can overwrite wallet applications with trojanized versions.