New Infostealer Threat Found Targeting MacBook Users


TEMPO.CO, Jakarta - Kaspersky Threat Research has identified new malware being spread through paid Google search ads and conversations on the official ChatGPT site to deceive MacBook users. The attackers target users who are careless about cybersecurity, which makes it easy to install infostealers and a persistent backdoor on their devices.

According to Kaspersky's investigation, the attackers purchased sponsored search ads for queries such as "ChatGPT Atlas" and directed users to a page that resembled an installation guide for ChatGPT Atlas on macOS. In reality, the page was a fake containing code to copy that would breach the user's device.

Kaspersky researchers found that users were required to repeatedly enter their passwords to download and run the script from the external domain. Once the correct password was entered, the script downloaded the Atomic macOS Stealer infostealer, which infected the user's device. This infection process is a variation of the ClickFix technique, in which users are persuaded to manually execute commands and code from a remote server.

This malware targets passwords, cookies, and other information from popular browsers, data from crypto asset wallets such as Electrum, Coinomi, and Exodus, as well as information from apps including Telegram Desktop and OpenVPN Connect. It also looks for files with TXT, PDF, and DOCX extensions in the Desktop, Documents, and Downloads folders, as well as files stored by the Notes app, and then exfiltrates this data to attacker-controlled infrastructure.

Vladimir Gursky, a malware analyst at Kaspersky, mentioned that AI-wrapped social engineering has become commonplace and has increased users' interest in downloading anything related to artificial intelligence. "What makes this case effective is not a sophisticated exploit, but the way social engineering is wrapped in a familiar AI context," Gursky stated in Kaspersky's official report on Wednesday, January 7, 2026.

Kaspersky assesses that this method of attack reflects a broader trend in which infostealers pose the most real threat today. Attackers are actively experimenting with themes related to artificial intelligence to attract user interest. The latest wave includes fake AI sidebar browsers and fake clients for popular models, which are later used to spread viruses.

To mitigate this, users are advised to be cautious of any download instructions they receive on websites, especially requests to copy or paste scripts from documents and conversations on a website. Another precaution is to install reliable and reputable security software to detect and block similar malware attacks.
