Tourism Bookings introduces
Cybercriminals have always chased whatever people trust the most. First, it was email. Then search results. Now it's AI chat answers. Researchers are warning about a new campaign where fake AI conversations are showing up in Google search results and quietly pushing Mac users to install dangerous malware. What makes this especially risky is that everything looks helpful, legitimate and step-by-step, right up until your system is compromised.
The malware being spread is Atomic macOS Stealer, often called AMOS, and the attacks abuse conversations generated by tools people increasingly rely on for everyday help. Investigators have confirmed that both ChatGPT and Grok were misused as part of this campaign.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.
THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS
Researchers traced one infection back to a simple Google search: "clear disk space on macOS." Instead of landing on a normal help article, the user was shown what looked like an AI conversation result embedded directly in search. That conversation offered clear, confident instructions and ended by telling the user to run a command in the macOS Terminal. That command installed AMOS.
When researchers followed the same trail, they found multiple poisoned AI conversations appearing for similar searches. That consistency strongly suggests this was a deliberate operation aimed at Mac users searching for routine maintenance help.
If this feels familiar, it should. A previous campaign used sponsored search results and SEO-poisoned links that pointed to fake macOS software hosted on GitHub. In that case, attackers impersonated legitimate apps and walked users through terminal commands that installed the same AMOS infostealer.
According to researchers, once the terminal command is executed, the infection chain kicks off immediately. The base64 string in the command decodes into a URL that hosts a malicious bash script. That script is designed to harvest credentials, escalate privileges and establish persistence, all without triggering a visible security warning.
The danger here is how clean the process looks. There's no installer window, obvious permission prompt or any option for you to review what's about to run. Because everything happens through the command line, normal download protections are sidestepped and the attacker gets to execute whatever they want.
MICROSOFT TYPOSQUATTING SCAM SWAPS LETTERS TO STEAL LOGINS
This campaign combines two powerful ideas. Trust in AI answers and trust in search results. Most major chat tools, including Grok on X, let users delete parts of conversations or share only selected snippets. That means an attacker can carefully curate a short, polished exchange that looks genuinely helpful while hiding the manipulative prompts that produced it.
Using prompt engineering, attackers get ChatGPT to generate a step-by-step cleanup or installation guide that actually installs malware. ChatGPT's sharing feature then creates a public link that lives inside the attacker's account. From there, criminals either pay for sponsored search placement or use SEO tactics to push that shared conversation high in the results.
Some ads are designed to look almost identical to legitimate links. Unless you check who the advertiser actually is, it's easy to assume it's safe. One example documented by researchers showed a sponsored result advertising a fake "Atlas" browser for macOS, complete with professional branding.
Once those links are live, attackers don't need to do much else. They wait for users to search, click, trust the AI output and follow the instructions exactly as written.
REAL APPLE SUPPORT EMAILS USED IN NEW PHISHING SCAM
AI tools are useful, but attackers are now shaping answers that lead you straight into trouble. These steps help you stay protected without giving up search or AI entirely.
This is the most important rule. If an AI response or webpage tells you to open Terminal and paste a command, stop. Legitimate macOS fixes almost never require you to blindly run scripts copied from the internet. Once you press Enter, you lose visibility into what happens next. Malware like AMOS relies on this moment of trust to bypass normal security checks.
AI chats are not authoritative sources. They can be manipulated through prompt engineering to produce dangerous step-by-step guides that look clean and confident. Before acting on any AI-generated fix, cross-check it with Apple's official documentation or a trusted developer site. If you cannot verify it easily, do not run it.
A password manager creates strong, unique passwords for every account you use. If malware steals one password, it cannot unlock everything else. Many password managers also refuse to autofill credentials on fake or unfamiliar sites, which can alert you that something is wrong before you type anything manually. This single tool dramatically reduces the impact of credential-stealing malware.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
AMOS and similar malware often rely on known weaknesses after the initial infection. Updates patch these holes. Delaying updates gives attackers more room to escalate privileges or maintain persistence. Turn on automatic updates so you are protected even if you forget.
Modern macOS malware often runs through scripts and memory-only techniques. A strong antivirus software doesn't just scan files. It monitors behavior, flags suspicious scripts, and can stop malicious activity even when nothing obvious is downloaded. This is especially important when malware is delivered through Terminal commands.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
Paid search ads can look almost identical to legitimate results. Always check who the advertiser is before clicking. If a sponsored result leads to an AI conversation, a download or instructions to run commands, close it immediately.
Search results promising quick fixes, disk cleanup or performance boosts are common malware entry points. If a guide is not hosted by Apple or a well-known developer, assume it could be risky, especially if it pushes command-line solutions.
Attackers spend time making fake AI conversations look helpful and professional. Clear formatting and confident language are not signs of safety. They are often part of the deception. Slowing down and questioning the source is usually enough to break the attack chain.
This campaign shows how attackers are shifting from breaking systems to manipulating trust. Fake AI conversations work because they sound calm, helpful and authoritative. When those conversations are boosted through search results, they inherit credibility they don't deserve. The technical tricks behind AMOS are complex, but the entry point is simple. Someone follows instructions without questioning where they came from.
Have you ever followed an AI-generated fix without double-checking it first? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
