More Mac malware from Google search
3 months ago
- #MacOS
- #cybersecurity
- #malware
- Google's AI is again linking to malicious scripts, this time delivering AMOS (alias SOMA) stealers to Macs.
- Malicious links found on forged Apple-like sites, Google Docs, Business Google, and Medium articles.
- Attack involves tricking users into pasting malicious Terminal commands, similar to previous ChatGPT attacks.
- AMOS stealer copies Documents folder contents, creates hidden files (.agent, .mainHelper, .pass), and seeks access to Notes.
- Advice includes distrusting search engine results, checking URL authenticity, and avoiding shortened links.
- Never run Terminal commands from untrusted sources; obfuscated commands should raise red flags.
- macOS protections are bypassed by user actions like pasting malicious commands or using curl for malware downloads.
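
The red flags listed above (obfuscated commands, curl downloads, shortened links) can be checked mechanically before anything is pasted into Terminal. The following is an added example, not code from the original article; the function names, the patterns and the sample shortener list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: heuristic check of a command before it is pasted into Terminal.
# The patterns and the shortener list are illustrative assumptions, not a
# complete detector; a clean result does not make a command safe.

SHORTENERS='bit\.ly|tinyurl\.com|t\.co|is\.gd'   # sample list (assumption)

# has PATTERN: true when the command text in $cmd matches the ERE, ignoring case
has() { printf '%s\n' "$cmd" | grep -Eiq -- "$1"; }

# red_flags TEXT: print one label per red flag found in TEXT
red_flags() {
    cmd=$1
    # curl/wget output piped straight into a shell interpreter
    has '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:]]|$)' \
        && echo "download-piped-to-shell"
    # sh -c "$(curl ...)": the download is executed through command substitution
    has '(ba|z|da)?sh[[:space:]]+-c[[:space:]]+.?\$\((curl|wget)' \
        && echo "download-executed-by-shell"
    # base64 decoding hides what will actually run
    has 'base64[[:space:]]+(-d|--decode)' && echo "base64-decoded-payload"
    # shortened links hide the real download host
    has "https?://($SHORTENERS)/" && echo "shortened-link"
    return 0
}

# On a Mac, inspect the clipboard before pasting:  red_flags "$(pbpaste)"
```

Any label printed is a reason to stop and read the command in full before running it.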