Cybercriminals are using ChatGPT, Grok and paid ads on Google to widely distribute instructions that perform malicious actions. They publish open dialogues under popular queries and prompt chatbots to generate dangerous commands, then promote these discussions as sponsored results.
Mechanics of attack distribution
Cybersecurity specialists have recorded instances of this approach being used to infect systems. In one case, a user searching for a way to clean a disk came across a chatbot’s response in the search results and executed the suggested command — this led to infection by the macOS malware AMOS.
User vulnerability and advice
The attack did not require downloading a separate file or installing an application: the instruction looked like a routine tip from artificial intelligence. This method bypasses standard defenses because many people trust Google results and chatbot suggestions and do not suspect a risk when copying a command.
One of the sponsored links has already been removed from search, although it remained in the results for at least half a day after the threat was reported. Experts advise not to paste commands into a terminal or browser unless you are 100% sure they are safe.
Alongside this scheme, the number of other threats is rising: the iPhone maker warned about a spyware attack, fake Android apps are stealing money and data, and attackers have also learned to trick the Gemini system to steal users’ information.
