Cybercriminals are using Google Ads and high search rankings to push Mac users towards malicious AI chatbot conversations hosted on legitimate platforms like ChatGPT and Grok that appear to offer help with common macOS issues but actually contain instructions that lead to the installation of the Atomic macOS Stealer (AMOS). In these attacks, victims search for common fixes, click a sponsored result or an SEO-boosted link to an AI chat that looks trustworthy, and are then given step-by-step commands to run in Terminal that trigger a multi-stage infection chain installing the infostealer, which can harvest credentials and give attackers persistent access without typical warnings. The campaign abuses trust in search engines and AI, making spotting the scam difficult. To stay safe, experts advise avoiding sponsored search results, verifying the advertiser, not running copied Terminal commands from unverified sources, and using real-time anti-malware protection; if infected, removing suspicious items and considering a full reinstall of macOS from clean backups is recommended.
