Security researchers have found that attackers are using ChatGPT to trick Mac users into pasting a command line into Terminal which installs malware. Specifically, it installs MacStealer, which allows the attacker to obtain iCloud passwords, files, and credit card details.
The attack targeted people who were searching Google for instructions on how to free up some disk space on a Mac …
Engadget’s Sam Chapman says he has been following the growing trend of using AI to find new ways to implement old-school scams when he spotted the report from cybersecurity company Huntress.
Hackers are apparently using AI prompts to seed Google search results with dangerous commands. When executed by unknowing users, these commands prompt computers to give the hackers the access they need to install malware.
The attackers held a conversation with ChatGPT in which they introduced the Terminal command, made the chat public, and then paid Google to promote the link. Huntress said this made it appear at the top of Google search results for freeing up disk space on a Mac.
The victim had searched “Clear disk space on macOS.” Google surfaced two highly ranked results at the top of the page, one directing the end user to a ChatGPT conversation and the other to a Grok conversation. Both were hosted on their respective legitimate platforms. Both conversations offered polite, step-by-step troubleshooting guidance. Both included instructions, and macOS Terminal commands presented as “safe system cleanup” instructions. The user clicked the ChatGPT link, read through the conversation, and executed the provided command. They believed they were following advice from a trusted AI assistant, delivered through a legitimate platform, surfaced by a search engine they use every day. Instead, they had just executed a command that downloaded an AMOS stealer variant that silently harvested their password, escalated to root, and deployed persistent malware.
The same was done with X’s Grok chatbot. Search terms targeted were:
Free up storage on Mac
Clear disk space on macOS
How to clear data on iMac
... continue reading