Cybercriminals Use ChatGPT Grok And Google To Deploy Malware

Security firms Kaspersky and Huntress report that cybercriminals are using paid Google ads and shareable ChatGPT and Grok conversations to trick macOS users into installing the AMOS infostealer via a fake "Atlas" browser on Dec. 16, 2025. The campaign escalates to root access, exfiltrating crypto wallets, Keychain and browser data, and experts advise against running unknown Terminal or PowerShell commands.
Key Points
- 1Deploys paid ads and shared chatbot transcripts to trick macOS users into installing AMOS infostealer.
- 2Escalates to root access, harvesting crypto wallets, browser data, Keychain credentials, keystrokes, and local files.
- 3Avoid running unknown Terminal/PowerShell commands; verify instructions and use fresh AI conversation for safety checks.
Scoring Rationale
Notable because it reveals widespread LLM-assisted malware campaigns, but confined mainly to macOS and ad vectors.
Sources
Public references used for this report.
Practice with real Logistics & Shipping data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Logistics & Shipping problems