Date: 2025-12-13

A recent analysis by cybersecurity experts at Kaspersky brought to light an insidious attack targeting macOS users, one in which search engines, artificial intelligence and cybersecurity intertwine to create fertile ground for a dangerous new online fraud. Attackers exploit ChatGPT’s chat-sharing function to publish a supposed installation guide for ChatGPT Atlas (OpenAI’s browser). The result is a trap capable of deceiving even the most astute: every detail, from the website to the guide, appears harmless and perfectly legitimate. In this in-depth analysis we reconstruct the key steps of this new attack: how criminals manipulate Google Ads with misleading links, how they use ChatGPT as a “window display” to promote a false guide, the social engineering techniques used, and so on. We will then illustrate the danger of the malware in question, the AMOS infostealer, which is capable of stealing a wide range of data from the victims of this attack (from browsing history to crypto wallets), and we will also explain how to concretely defend yourself.

How the Mac attack that exploits ChatGPT shared chats works

It all starts with sponsored ads on Google. The experts at Kaspersky explain that when searching Google for terms like “chatgpt atlas”, the first result appears completely legitimate: a coherent title, a domain shown as the official ChatGPT one, and no apparent signs of counterfeiting. Since the full address is not visible in the preview, criminals are able to hide the real destination reached by opening that URL. Clicking the link does in fact open a page hosted on the official ChatGPT domain, but it is only a conversation shared via the sharing function.

And here we find the first element underlying the mechanism of this attack: the link comes from the OpenAI chatbot’s domain, which gives the guide an aura of authenticity strong enough to lead many users to lower their defenses and their attention. The content shown on the page opened in ChatGPT is a fake Atlas installation guide. Here the attackers used prompt engineering, shaping their requests to the AI to obtain a technical text formatted in an orderly and credible way. They then cleaned up the previous chat to hide any trace of the manipulation. A truly attentive eye, however, could still notice that something doesn’t add up. Kaspersky, in fact, explains:

Links to shared chats begin with chatgpt.com/share/. In fact, right above the chat it is clearly indicated: “This is a copy of a conversation between ChatGPT and an anonymous user”. However, a less attentive or simply less AI-savvy visitor might take the guide at face value, especially since it is well formatted and published on a reliable-looking site.

The screenshot shows the installation guide for the alleged Atlas for macOS which, essentially, is a shared ChatGPT chat. Credit: Kaspersky.



The critical point arrives when the user follows the purported instructions for installing the OpenAI browser. Users are invited to copy and paste a command into the macOS Terminal. This is the key step: the command immediately downloads and launches a script from an external server. This is a variant of the ClickFix method, where the victim is convinced to manually perform a malicious operation. Many users, while avoiding unknown files, do not associate the same risk with a command that they paste into the Terminal. Once launched, the script repeatedly asks for the system password until the correct one is entered; at that point, the malware installs itself using the privileges obtained.
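The two warning signs described above can be checked before anything reaches the Terminal. The following is an added example, not code from Kaspersky or from the original article: a shell check for commands that fetch content and hand it straight to an interpreter, plus a test for shared-chat links. The patterns, function names and sample commands are assumptions (the article does not reproduce the actual command), and the base64 case goes one step beyond what the article describes.

```shell
#!/bin/sh
# Added example (not from the article): inspect a command before it reaches a shell.
# Usage on macOS, with the suspect command on the clipboard:
#   . ./clickfix_check.sh && clickfix_check "$(pbpaste)"

FETCH='(curl|wget)'
INTERP='(sh|bash|zsh|python3?|perl|ruby|osascript)'
L='(^|[^[:alnum:]_])'          # left word boundary
R='([^[:alnum:]_]|$)'          # right word boundary, so "| shasum" is not "| sh"
SUBST='([$][(]|<[(]|`)'        # $( ... ), <( ... ) or backticks
# A pipe into an interpreter, optionally via sudo or an absolute path.
PIPE_RUN="[|][[:space:]]*(sudo[[:space:]]+)?([^[:space:]]*/)?${INTERP}${R}"

# True when the string in $1 matches the extended regex in $2.
matches() { printf '%s' "$1" | grep -Eq -e "$2"; }

# Prints a reason and returns 0 when the command fetches or decodes content
# and hands it straight to an interpreter; returns 1 otherwise.
clickfix_check() {
    if matches "$1" "${L}${FETCH}[[:space:]].*${PIPE_RUN}"; then
        echo "download piped into an interpreter"; return 0
    fi
    if matches "$1" "${L}${INTERP}[[:space:]].*${SUBST}[[:space:]]*${FETCH}[[:space:]]"; then
        echo "interpreter runs the output of a download"; return 0
    fi
    if matches "$1" "${L}base64[[:space:]]+(-d|-D|--decode).*${PIPE_RUN}"; then
        echo "decoded blob piped into an interpreter"; return 0
    fi
    return 1
}

# Shared conversations are user-authored content, whatever domain hosts them.
is_shared_chat() {
    case $1 in
        https://chatgpt.com/share/*|chatgpt.com/share/*) return 0 ;;
        *) return 1 ;;
    esac
}
```

A command that only saves a download to disk or pipes it into a hashing tool is not flagged, and a command split across several lines is checked line by line, so a clean result is not proof that a command is safe.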

At this point the user who has carefully followed the various steps of the “malicious tutorial” will have installed a variant of AMOS (Atomic macOS Stealer), a dangerous infostealer created to steal a large amount of sensitive data. It extracts passwords and cookies from major browsers, data from apps like OpenVPN and Telegram, and empties crypto wallets (like Electrum, Coinomi and Exodus). But it doesn’t stop there: it also recovers the user’s personal files from the Mac’s main folders (including Desktop, Documents and Downloads), packages everything up and sends the information to servers run by criminals. In addition to data theft, it installs a backdoor that grants continuous remote access to the device, reactivating itself every time the Mac is restarted.

How to defend yourself from the AMOS infostealer

Given the danger of this attack, you will want to know which defense strategies to adopt to reduce the risk of infection. Here are some points to keep in mind: