
Attackers using ChatGPT to trick Mac users into installing MacStealer

Security researchers have found that attackers are using ChatGPT to trick Mac users into pasting a command into Terminal that installs malware. Specifically, it installs MacStealer, which allows the attacker to obtain iCloud passwords, files, and credit card details.

The attack targeted people who were searching Google for instructions on how to free up some disk space on a Mac …

Engadget’s Sam Chapman says he had been following the growing trend of using AI to find new ways to implement old-school scams when he spotted the report from cybersecurity company Huntress.

Hackers are apparently using AI prompts to seed Google search results with dangerous commands. When executed by unknowing users, these commands prompt computers to give the hackers the access they need to install malware.

The attackers held a conversation with ChatGPT in which they introduced the Terminal command, made the chat public, and then paid Google to promote the link. Huntress said this made it appear at the top of Google search results for freeing up disk space on a Mac.

The victim had searched “Clear disk space on macOS.” Google surfaced two highly ranked results at the top of the page, one directing the end user to a ChatGPT conversation and the other to a Grok conversation. Both were hosted on their respective legitimate platforms. Both conversations offered polite, step-by-step troubleshooting guidance. Both included instructions, and macOS Terminal commands presented as “safe system cleanup” instructions.

The user clicked the ChatGPT link, read through the conversation, and executed the provided command. They believed they were following advice from a trusted AI assistant, delivered through a legitimate platform, surfaced by a search engine they use every day. Instead, they had just executed a command that downloaded an AMOS stealer variant that silently harvested their password, escalated to root, and deployed persistent malware.

The same was done with X’s Grok chatbot. Search terms targeted were:

  • Free up storage on Mac
  • Clear disk space on macOS
  • How to clear data on iMac
  • Clear system data on iMac

It’s a worryingly clever approach because it bypasses all of the built-in macOS protections, allowing the user to install the malware with no warnings. It exploits the fact that people trust the well-known brands of both Google and ChatGPT.

9to5Mac’s Take

Pasting commands into Terminal without understanding them is a dangerous thing to do at the best of times. If you do it at all, you should ensure that you absolutely trust the source. Sponsored results in Google are not at all trustworthy.

It would be extremely easy for a non-technical user to fall for this, so you might want to alert your family and friends.


Photo by Ilya Pavlov on Unsplash


Author: Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

