
Beware: Google Ads Push Malware via Fake ChatGPT, Grok Guides

Summary

– A new AMOS infostealer campaign uses Google search ads to direct macOS users to malicious ChatGPT and Grok conversations that contain instructions for installing malware.
– The attack, called ClickFix, targets users searching for common macOS troubleshooting queries and tricks them into running a malicious bash script in Terminal.
– The script steals the user’s password and uses it to download and execute the AMOS infostealer with root privileges, which can also act as a backdoor.
– AMOS malware specifically targets cryptocurrency wallets and sensitive data like browser passwords and macOS Keychain information, often by replacing legitimate apps with trojanized versions.
– Researchers warn users to avoid executing unfamiliar commands found online and suggest that asking the AI platform about the safety of the instructions can reveal the threat.

A concerning new malware campaign is using Google Ads to distribute malicious software by impersonating helpful guides from popular AI platforms like ChatGPT and Grok. Cybersecurity researchers have identified a scheme where attackers purchase search advertisements that appear when users look for common macOS troubleshooting advice, such as freeing up storage or clearing system data. These ads lead directly to publicly shared conversations on legitimate AI platforms, which contain step-by-step instructions that ultimately install the AMOS information-stealing malware.

The security firm Huntress conducted a detailed investigation, reproducing these dangerous search results across multiple variations of queries like “how to clear data on iMac.” This confirmed the campaign is a widespread, deliberate effort to poison common support searches rather than an isolated incident. The attack, dubbed “ClickFix,” begins when a user clicks the ad and is taken to a seemingly helpful AI chat. If the user copies and executes the provided commands in the macOS Terminal, they trigger a malicious sequence.

The commands decode a base64-encoded URL and fetch a bash script named “update.” This script then displays a fake password prompt dialog on the user’s system. Once the user enters their password, the script validates and stores it, then uses the captured credential to download and execute the AMOS infostealer with root-level access. This gives the malware complete control over the system.

AMOS is a well-established malware-as-a-service operation that has targeted macOS systems exclusively since it was first documented in April 2023. For a monthly fee, criminals can rent this infostealer, which has recently been upgraded with a backdoor module. This new capability allows operators to run commands on infected machines, log keystrokes, and deploy additional malicious payloads.

Once installed, AMOS operates as a hidden file in the user’s directory and begins a systematic theft of sensitive data. It specifically scans for cryptocurrency wallet applications like Ledger Wallet and Trezor Suite. If found, it replaces the legitimate apps with trojanized versions that trick victims into entering their seed phrases under false pretenses of a security update. The malware also targets a wide array of other digital assets, including wallets from Electrum, Exodus, and MetaMask, along with browser data like saved passwords, cookies, and session tokens. It further harvests information from the macOS Keychain and scours the filesystem for valuable data.

To ensure it remains active, the malware establishes persistence through a LaunchDaemon. This runs a hidden AppleScript that acts as a watchdog, automatically restarting the malicious process within one second if it is ever stopped or terminated. This makes the infection particularly difficult to remove.
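As an added illustration of the persistence trait described above (this is not code from Huntress, Kaspersky or the article), the following Python triage script parses LaunchDaemon plists and flags the combination the article describes: an osascript-driven watchdog launched from a hidden path under a user home and kept alive by launchd. The two sample plists and the two-finding threshold are constructed assumptions for the demo.

```python
import plistlib
from pathlib import Path, PurePosixPath

# Constructed sample plists (not recovered from the campaign): a benign
# scheduled backup job and one showing the watchdog traits described above.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.backup</string>
<key>ProgramArguments</key><array><string>/usr/local/bin/backup</string></array>
<key>StartInterval</key><integer>3600</integer>
</dict></plist>"""

SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.helper</string>
<key>ProgramArguments</key><array>
<string>/usr/bin/osascript</string>
<string>/Users/alice/.helper/.watchdog.scpt</string>
</array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
</dict></plist>"""


def triage_launchdaemon(plist_bytes: bytes) -> dict:
    """Score one launchd plist for the AMOS-style watchdog pattern."""
    d = plistlib.loads(plist_bytes)
    args = d.get("ProgramArguments") or ([d["Program"]] if "Program" in d else [])
    findings = []
    if any(PurePosixPath(a).name == "osascript" for a in args):
        findings.append("runs AppleScript via osascript")
    for a in args:
        if not a.startswith("/"):
            continue  # flags such as -e are not paths
        if any(p.startswith(".") for p in PurePosixPath(a).parts[1:]):
            findings.append(f"hidden path component in {a}")
        if a.startswith("/Users/"):
            findings.append(f"system daemon runs code from a user home: {a}")
    keep = d.get("KeepAlive")
    if keep is True or (isinstance(keep, dict) and keep):
        findings.append("KeepAlive set: launchd relaunches it whenever it exits")
    # Assumed threshold: two or more independent traits is worth an analyst's look.
    return {"label": d.get("Label", "?"), "findings": findings,
            "suspicious": len(findings) >= 2}


def scan_daemons(directory: str = "/Library/LaunchDaemons") -> list:
    """Triage every plist in a LaunchDaemons folder; returns flagged entries."""
    results = [triage_launchdaemon(p.read_bytes()) for p in Path(directory).glob("*.plist")]
    return [r for r in results if r["suspicious"]]
```

Run `scan_daemons()` on a live host to list flagged daemons; the watchdog described in the article would also show up as the restarted process in `launchctl list` output.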

This campaign highlights a troubling trend of threat actors exploiting the trust and popularity of legitimate platforms. Users should exercise extreme caution when following technical instructions found online, especially those sourced from unverified advertisements or AI chats. A simple safeguard, as noted by researchers at Kaspersky, is to ask the AI platform itself about the safety of the instructions. When prompted, ChatGPT will correctly identify the malicious commands as dangerous, underscoring the importance of independent verification before executing any code.

(Source: Bleeping Computer)
