Tourism Bookings NZ | Book with the owner
MENU

Browse By

Categories

 

Main Pages

    • Loading ...
    • Loading ...
  • Loading ...
  • Loading ...
Main Pages
Countries

Tourism Bookings NZ

Fake AI chat results are spreading dangerous Mac malware

03 Jan 2026 By foxnews

Fake AI chat results are spreading dangerous Mac malware

Tourism Bookings NZ introduces

Cybercriminals have always chased whatever people trust the most. First, it was email. Then search results. Now it's AI chat answers. Researchers are warning about a new campaign where fake AI conversations are showing up in Google search results and quietly pushing Mac users to install dangerous malware. What makes this especially risky is that everything looks helpful, legitimate and step-by-step, right up until your system is compromised.

The malware being spread is Atomic macOS Stealer, often called AMOS, and the attacks abuse conversations generated by tools people increasingly rely on for everyday help. Investigators have confirmed that both ChatGPT and Grok were misused as part of this campaign.

Sign up for my FREE CyberGuy Report

Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS

Researchers traced one infection back to a simple Google search: "clear disk space on macOS." Instead of landing on a normal help article, the user was shown what looked like an AI conversation result embedded directly in search. That conversation offered clear, confident instructions and ended by telling the user to run a command in the macOS Terminal. That command installed AMOS.

When researchers followed the same trail, they found multiple poisoned AI conversations appearing for similar searches. That consistency strongly suggests this was a deliberate operation aimed at Mac users searching for routine maintenance help.

If this feels familiar, it should. A previous campaign used sponsored search results and SEO-poisoned links that pointed to fake macOS software hosted on GitHub. In that case, attackers impersonated legitimate apps and walked users through terminal commands that installed the same AMOS infostealer.

According to researchers, once the terminal command is executed, the infection chain kicks off immediately. The base64 string in the command decodes into a URL that hosts a malicious bash script. That script is designed to harvest credentials, escalate privileges and establish persistence, all without triggering a visible security warning.

The danger here is how clean the process looks. There's no installer window, obvious permission prompt or any option for you to review what's about to run. Because everything happens through the command line, normal download protections are sidestepped and the attacker gets to execute whatever they want.

MICROSOFT TYPOSQUATTING SCAM SWAPS LETTERS TO STEAL LOGINS

This campaign combines two powerful ideas. Trust in AI answers and trust in search results. Most major chat tools, including Grok on X, let users delete parts of conversations or share only selected snippets. That means an attacker can carefully curate a short, polished exchange that looks genuinely helpful while hiding the manipulative prompts that produced it.

Using prompt engineering, attackers get ChatGPT to generate a step-by-step cleanup or installation guide that actually installs malware. ChatGPT's sharing feature then creates a public link that lives inside the attacker's account. From there, criminals either pay for sponsored search placement or use SEO tactics to push that shared conversation high in the results.

Some ads are designed to look almost identical to legitimate links. Unless you check who the advertiser actually is, it's easy to assume it's safe. One example documented by researchers showed a sponsored result advertising a fake "Atlas" browser for macOS, complete with professional branding.

Once those links are live, attackers don't need to do much else. They wait for users to search, click, trust the AI output and follow the instructions exactly as written.

REAL APPLE SUPPORT EMAILS USED IN NEW PHISHING SCAM

AI tools are useful, but attackers are now shaping answers that lead you straight into trouble. These steps help you stay protected without giving up search or AI entirely.

This is the most important rule. If an AI response or webpage tells you to open Terminal and paste a command, stop. Legitimate macOS fixes almost never require you to blindly run scripts copied from the internet. Once you press Enter, you lose visibility into what happens next. Malware like AMOS relies on this moment of trust to bypass normal security checks.

AI chats are not authoritative sources. They can be manipulated through prompt engineering to produce dangerous step-by-step guides that look clean and confident. Before acting on any AI-generated fix, cross-check it with Apple's official documentation or a trusted developer site. If you cannot verify it easily, do not run it.

A password manager creates strong, unique passwords for every account you use. If malware steals one password, it cannot unlock everything else. Many password managers also refuse to autofill credentials on fake or unfamiliar sites, which can alert you that something is wrong before you type anything manually. This single tool dramatically reduces the impact of credential-stealing malware.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com 

AMOS and similar malware often rely on known weaknesses after the initial infection. Updates patch these holes. Delaying updates gives attackers more room to escalate privileges or maintain persistence. Turn on automatic updates so you are protected even if you forget.

Modern macOS malware often runs through scripts and memory-only techniques. A strong antivirus software doesn't just scan files. It monitors behavior, flags suspicious scripts, and can stop malicious activity even when nothing obvious is downloaded. This is especially important when malware is delivered through Terminal commands.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

Paid search ads can look almost identical to legitimate results. Always check who the advertiser is before clicking. If a sponsored result leads to an AI conversation, a download or instructions to run commands, close it immediately.

Search results promising quick fixes, disk cleanup or performance boosts are common malware entry points. If a guide is not hosted by Apple or a well-known developer, assume it could be risky, especially if it pushes command-line solutions.

Attackers spend time making fake AI conversations look helpful and professional. Clear formatting and confident language are not signs of safety. They are often part of the deception. Slowing down and questioning the source is usually enough to break the attack chain.

This campaign shows how attackers are shifting from breaking systems to manipulating trust. Fake AI conversations work because they sound calm, helpful and authoritative. When those conversations are boosted through search results, they inherit credibility they don't deserve. The technical tricks behind AMOS are complex, but the entry point is simple. Someone follows instructions without questioning where they came from.

Have you ever followed an AI-generated fix without double-checking it first? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report 

Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.

Are you looking for a holiday? Get special deals.

 

More News

Booking.com
Roblox adds age-based accounts for kids and teens
Roblox adds age-based accounts for kids and teens
5 worrisome privacy clauses hidden in smart home devices
5 worrisome privacy clauses hidden in smart home devices
Dangerous water warnings hit trendy vacation spot after powerful storm pounds area
Dangerous water warnings hit trendy vacation spot after powerful storm pounds area
2,000-year-old Roman shipwreck discovered with treasures still clustered where it sank
2,000-year-old Roman shipwreck discovered with treasures still clustered where it sank
Scientists say turtle shells could hold clues to secret side of Neanderthal behavior
Scientists say turtle shells could hold clues to secret side of Neanderthal behavior
Widow, son of late Chicago commissioner found shot dead inside home in suspected homicide: reports
Widow, son of late Chicago commissioner found shot dead inside home in suspected homicide: reports
Harvard president calls students 'ignorant' on Israel-Palestinian conflict
Harvard president calls students 'ignorant' on Israel-Palestinian conflict
Hunter Biden trashes Democratic leadership, hails Gavin Newsom as party's 'greatest warrior'
Hunter Biden trashes Democratic leadership, hails Gavin Newsom as party's 'greatest warrior'
Tigers sign top prospect Kevin McGonigle to $150 million extension just 17 games into career
Tigers sign top prospect Kevin McGonigle to $150 million extension just 17 games into career
'Dukes of Hazzard' star Catherine Bach stuns fans in new photo after reported hospitalization
'Dukes of Hazzard' star Catherine Bach stuns fans in new photo after reported hospitalization
DC Metro CEO fires back at critics hammering him for picture with National Guard troops
DC Metro CEO fires back at critics hammering him for picture with National Guard troops
DC curfew ends as teen takeover fears clock in - city braces for chaos amid spring break mayhem
DC curfew ends as teen takeover fears clock in - city braces for chaos amid spring break mayhem
LIV Golf's end may be imminent after report signals Saudi Arabia is preparing to cut off funding
LIV Golf's end may be imminent after report signals Saudi Arabia is preparing to cut off funding
Airline unveils stacked bunk bed 'pods' as backlash builds over pricey, cramped way to fly
Airline unveils stacked bunk bed 'pods' as backlash builds over pricey, cramped way to fly
Iran shifts 20M barrels through 'dark' offshore oil network bypassing US port blockade, firm says
Iran shifts 20M barrels through 'dark' offshore oil network bypassing US port blockade, firm says
Stefanik clashes with CNN hosts over Trump's Pope comments, while accusing Swalwell of 'criminal' conduct
Stefanik clashes with CNN hosts over Trump's Pope comments, while accusing Swalwell of 'criminal' conduct
Switzerland fires hockey coach who admitted to faking vaccination status for 2022 Beijing Olympics
Switzerland fires hockey coach who admitted to faking vaccination status for 2022 Beijing Olympics
Hannity probes the psychology of Trump's would-be assassin and a new wave of radicalized youth on Fox Nation
Hannity probes the psychology of Trump's would-be assassin and a new wave of radicalized youth on Fox Nation
LABOR SEC CHAVEZ-DeREMER: Trump tax cuts deliver bigger refunds and a big boost for working families
LABOR SEC CHAVEZ-DeREMER: Trump tax cuts deliver bigger refunds and a big boost for working families
Former MLB prospect, 35, killed in car crash while returning from coaching tournament
Former MLB prospect, 35, killed in car crash while returning from coaching tournament
TOURISM BOOKINGS NZ

Promote Your Business with Tourism Bookings NZ.

Providing first class business listings that deliver results for both users and businesses. Please Press Claim Listing if you are the business owner.

TOP REGIONS

All Regions
Bay Of Islands
Wellington
South Island
Abel Tasman National Park
Waiheke Island
Lake Taupo
North Island
Coromandel Peninsula
Hawke S Bay
Golden Bay
Northland
Tasman
Far North
Marlborough
Top Of The South
Cardrona Alpine Resort
Canterbury
Stewart Island
Marlborough Sounds
Great Barrier Island

TOP CITIES

All Cities
Auckland
Queenstown
Rotorua
Wellington
Taupo
Christchurch
Tauranga
Lake Tekapo
Mount Cook National Park

TOP DISTRICTS

All Districts
Addington
Albany
Albert Town
Auckland Airport Area
Auckland CBD
Avondale
Avonhead
Beachlands
Bealey Avenue
Britomart
Bucklands Beach
Burnside
Christchurch City-Centre
Cornwall Park
Courtney Place
Cuba Street
Devonport

OUR PARTNERS

Accommodation New Zealand
Tourism Guide
Hotel Find
South Australia Travel
Sydney Tourism
Tourism TAS
Broome Tourism
Redcliffe Tourism
Townsville Tourism
Melbourne Tourism
Lightning Ridge Tourism
Mackay Tourism
Tourism Caloundra
Great Ocean Road Tourism
Tourism Brisbane
Tourism Cairns
Whitsundays Tourism
Sunshine Coast Tourism
Tourism Adelaide
Tourism Gold Coast
Tourism WA
New South Wales Tourism
VIC Tourism
QLD Tourism
Tourism Canberra
Tourism Bookings
Tourism Bookings NZ
New Zealand Australia USA UK India Germany France

copyright © 2026 Tourism Bookings NZ.   All rights reserved.