Malicious Leveraging of ChatGPT and Grok Dialogues in AMOS Stealer Campaigns

Researchers at Huntress have uncovered a sophisticated macOS attack that weaponizes legitimate AI platforms, including ChatGPT and Grok, to distribute the Atomic macOS Stealer (AMOS).

This newly observed campaign, detected in early December 2025, uses malicious search engine optimization to ensure poisoned AI-generated conversations appear as the top results on Google.

When users search for common queries such as “clear disk space on macOS” or “free up storage on iMac,” they encounter what appear to be trusted ChatGPT or Grok pages offering step-by-step troubleshooting guides.

The conversations are hosted on legitimate chatgpt.com and grok.com domains, making them indistinguishable from authentic AI discussions.

Each dialogue presents formatted guidance with numbered steps, highlighted command blocks, and reassuring language that the provided Terminal commands are safe for system cleanup.

However, the commands contain base64-encoded payloads that, once pasted into Terminal, silently download and execute the AMOS loader.

No file is downloaded through the browser, so no security alerts are triggered and the macOS Gatekeeper check that would normally inspect a downloaded binary is bypassed entirely.

Users believe they are following legitimate maintenance instructions, while in reality, they trigger a full-scale data theft operation.

This marks an evolution of the earlier ClickFix copy-and-paste technique, merging social engineering and exploitation of trust in AI platforms into a seamless infection flow.

Credential Theft and Persistent Installation

When executed, the malicious command retrieves a bash script that prompts the user to enter their system password, masquerading as authentication.

The script silently validates that password with the dscl command's -authonly operation and stores it in a hidden file named .pass within the temporary directory.

This credential is then supplied to sudo -S, allowing the attacker to escalate privileges and run additional commands as root without further user interaction.

Top search results and highly ranked links via Google Search

The script downloads an AMOS loader named update, installs a hidden Mach-O binary called .helper inside the user’s home directory, and sets permissions to ensure continuous execution.

To maintain persistence, a LaunchDaemon named com.finder.helper.plist and an AppleScript watchdog agent are deployed to restart the payload whenever the process is terminated or the system reboots.

Once active, the stealer harvests passwords, browser data, cryptocurrency wallets, and macOS Keychain credentials, exfiltrating them to remote command servers at 45.94.47.186 and sanchang.org.

In some cases, legitimate wallet applications such as Ledger Wallet and Trezor Suite are replaced by trojanized versions that capture seed phrases during account verification.
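A defender-side hunt for the host artifacts the report names, added here as an example and not code from Huntress or the article: it checks for the com.finder.helper.plist LaunchDaemon, the hidden .helper binary in the home directory, the .pass file in the temp directory, and shell-history evidence of a base64-to-shell paste or of the two command-and-control endpoints. The function name amos_hunt, the shell-history checks, and the parameterised paths (defaults assume a live macOS host) are my assumptions.

```shell
#!/bin/sh
# Hunt for the AMOS artifacts named in the Huntress report. Defaults assume a
# live macOS host; paths are parameters so the same check runs against a
# mounted image or a constructed staging tree.
#
# Indicators from the article: LaunchDaemon com.finder.helper.plist, a hidden
# Mach-O ".helper" in the home directory, the captured-password file ".pass"
# in the temp directory, C2 endpoints 45.94.47.186 and sanchang.org, and the
# ClickFix-style "base64 ... | sh" command pasted into Terminal.

# amos_hunt HOME_DIR TMP_DIR LAUNCHDAEMONS_DIR
# Prints one "HIT: ..." line per artifact; returns 1 if anything was found.
amos_hunt() {
  home="${1:-$HOME}"; tmp="${2:-${TMPDIR:-/tmp}}"; ld="${3:-/Library/LaunchDaemons}"
  hits=0
  if [ -f "$ld/com.finder.helper.plist" ]; then
    echo "HIT: LaunchDaemon $ld/com.finder.helper.plist"; hits=$((hits + 1))
  fi
  if [ -f "$home/.helper" ]; then
    # Classify by the Mach-O magic (32/64-bit, either byte order, or fat).
    magic=$(od -An -tx1 -N 4 "$home/.helper" | tr -d ' \n')
    case "$magic" in
      feedface|cefaedfe|feedfacf|cffaedfe|cafebabe) kind="Mach-O" ;;
      *) kind="non-Mach-O" ;;
    esac
    echo "HIT: hidden $kind file $home/.helper"; hits=$((hits + 1))
  fi
  if [ -f "$tmp/.pass" ]; then
    echo "HIT: captured password file $tmp/.pass"; hits=$((hits + 1))
  fi
  # Shell history shows whether the poisoned command was actually pasted and
  # whether the C2 endpoints were ever referenced from an interactive shell.
  for h in "$home/.zsh_history" "$home/.bash_history"; do
    [ -f "$h" ] || continue
    if grep -Eq 'base64[^|]*\|[[:space:]]*(ba|z)?sh([[:space:]]|$)' "$h"; then
      echo "HIT: base64-decode-to-shell command in $h"; hits=$((hits + 1))
    fi
    if grep -Eq '45\.94\.47\.186|sanchang\.org' "$h"; then
      echo "HIT: C2 indicator referenced in $h"; hits=$((hits + 1))
    fi
  done
  [ "$hits" -eq 0 ]
}

# Run against the live host when invoked as: sh amos_hunt.sh --scan
if [ "${1:-}" = "--scan" ]; then
  amos_hunt && echo "clean: no AMOS artifacts found"
fi
```

A hit on .helper or the LaunchDaemon alone is strong enough to isolate the host; the history checks mainly help establish when the paste happened.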

Huntress emphasized that this campaign exploits users’ psychological trust rather than software vulnerabilities.

By weaponizing AI-generated advice and blending it with legitimate search results, threat actors have created an attack chain that feels safe, helpful, and routine until the stolen data begins to surface elsewhere.


The post Malicious Leveraging of ChatGPT and Grok Dialogues in AMOS Stealer Campaigns appeared first on Cyber Security News.

