A new Atomic macOS Stealer (AMOS) attack vector weaponizes Google searches and a user’s trust in AI chatbots, researchers have found. Once infected, the AMOS can collect data, passwords, and more from the infected Mac with alarming ease.
While AMOS attacks have been around since 2023, they normally involve people accidentally downloading a malicious file. But this new approach is different. Instead, it simply requires them to copy and paste a single command into the Terminal app.
Researchers at security outfit Huntress identified the new AMOS approach in early December 2025 after a victim reported the incident. Huntress found that the user had searched “Clear disk space on macOS” before choosing one of the two sponsored results.
Both of those results linked to a shared chatbot chat, one for ChatGPT, the other for Grok. It didn’t matter which the victim clicked because they both ultimately did the same thing.
Huntress was able to repeat the infection steps, which boiled down to copying and pasting a command that was supposed to free up storage space. In reality, it downloaded a file that then set about gaining root privileges to allow it to access apps and data unchecked.
In fact, the route taken by this particular AMOS ensured it never triggered any of Apple’s built-in macOS security features. Once the command was run, there was never any indication that something was amiss.
Once running, Huntress found that the Stealer had the ability to capture a number of high-value data types. Those include access to cryptocurrency wallets, browser credential databases, and even Apple Keychain.
All data collected by the attack is then uploaded to attacker-controlled servers. As for the Stealer itself, the attack ensures it is configured to run even after the Mac is restarted, meaning it’s always ready to steal more data.
While AMOS isn’t new, the key thing to note here is the new approach, and one that Mac users should absolutely be wary of. As people become more wary of files they download from the internet, attackers need new ways of getting malware onto devices.
In this instance, both the ChatGPT and Grok shared chats are legitimate and hosted on their respective services. They also give the air of a legitimate guide that will ultimately free up storage space as requested.
Even pasting a command into the Terminal window makes sense given the context. It’s easy to see how people might fall for such an attack.