New MacOS malware exploits trusted AI and search tools

• AMOS operators used malvertising and poisoned ChatGPT/Grok conversations to push Mac malware
• Fake “free disk space” guides tricked users into running Terminal commands that installed AMOS
• Campaign abused Google ads and trusted AI platforms, boosting credibility and infection success

AtomicOS (AMOS) criminals are using a combination of malvertising and GenAI response poisoning to trick MacOS users into downloading malware. This is according to cybersecurity researchers Huntress, who claim not only to have observed the attacks in the wild, but to have replicated the same results as other victims, as well.

In a blog post published earlier this week, Huntress said that AMOS maintainers first created two AI conversations: one with ChatGPT, and one with Grok.

These conversations were about freeing up disk space on a MacOS device, and included instructions on how to do it. The instructions are fake, though, and instead tell the user to ...