https://www.kaspersky.co.uk/blog/share-chatgpt-chat-clickfix-macos-amos-infostealer/29796/
Researchers have uncovered a new campaign that abuses Google search ads and popular AI platforms like ChatGPT and Grok to lure macOS users into installing the AMOS infostealer malware. The attack, dubbed “ClickFix,” begins with victims searching for common macOS troubleshooting terms, which trigger Google ads that lead them to manipulated conversations on the LLM platforms containing malicious instructions.
If users execute the commands provided in the AI chats, they unknowingly trigger a base64-encoded script that downloads and installs the AMOS malware, which is capable of stealing sensitive data such as cryptocurrency wallet information, browser data, and macOS Keychain credentials. The malware also includes a backdoor module that allows the operators to execute further commands and drop additional payloads on the infected systems.
These types of attacks, which leverage the trust and popularity of legitimate platforms like OpenAI, are becoming more prevalent. Users must exercise caution when encountering online instructions, even if they appear to come from authoritative sources, and refrain from executing commands without fully understanding their purpose.