Cybercriminals Using ChatGPT, Grok And Google To Spread Malware — Here’s What You Need To Know

In reality, the page reproduces a publicly shareable chat between an unnamed user and the AI, which serves as a step-by-step guide for installing malware. Users are instructed to paste and run a command in the Mac Terminal and approve all permissions, effectively giving the AMOS (Atomic macOS Stealer) infostealer full access.

Security firm Huntress discovered that both ChatGPT and Grok could be manipulated to deliver harmful search results, even when users feed routine troubleshooting searches like “how to delete system data on Mac” or “clear disk space on macOS.”

AMOS is a macOS-targeting malware that escalates to root-level access, enabling attackers to run commands, record keystrokes, and deploy further malicious payloads. According to BleepingComputer, it also steals cryptocurrency wallets, browser data, including cookies, saved passwords, and autofill entries, Keychain credentials and local files.

If you are seeking solutions to tech issues, scrutinise any instructions you find online. Threat actors often disguise ClickFix attacks as legitimate advice via paid search listings and social media. Never execute commands you don’t fully comprehend, especially those requesting Terminal or PowerShell access, as these are commonly used to deploy malware.

It is possible to counter the attack by starting a fresh ChatGPT conversation and asking whether the instructions are safe. Kaspersky reports that the AI will correctly warn users that they are not safe.