VERY IMPORTANT

A sophisticated malware campaign exploits user trust in AI platforms to deliver the AMOS stealer. Attackers use SEO poisoning to surface malicious ChatGPT and Grok conversations offering 'helpful' macOS disk cleanup advice. These conversations contain Terminal commands that, when executed, deploy AMOS, a multi-stage malware that harvests credentials, escalates privileges, and establishes persistence. The attack bypasses traditional security measures by leveraging legitimate platforms and user behavior, making it particularly insidious. AMOS targets cryptocurrency wallets, browser data, and system information, exfiltrating sensitive data to attacker-controlled servers. This campaign represents a significant evolution in social engineering techniques, exploiting the growing reliance on AI assistants for technical guidance.