How hackers trick AI chatbots into spreading malware?: Attackers use ChatGPT and Grok to create search-visi… – Bhaskar English
Get the latest news from your city
AI chatbots are supposed to make life easier, answer questions, fix problems, and clear your digital clutter. But guess what? Hackers have now figured out how to make these same chatbots convince you to hack your own device. Yes, the robots didn’t attack us; we basically clicked the wrong link first.
What’s the matter
Cybersecurity firm Huntress discovered a new trick hackers are using. They’re asking AI chatbots like ChatGPT and Grok to suggest harmful computer commands and then pushing those dangerous chats to the top of Google search results.
So when someone searches for a normal topic like “how to clear storage on Mac,” they might click a sponsored AI chat link, and unknowingly run a command that gives hackers access to their device.
Also read: How to check if your phone is hacked? How hackers pull this off
1. They start a fake “helpful” chat
Hackers talk to a chatbot about a trending tech question and coax it into recommending a specific terminal command.
2. That command is actually malicious
Running it allows attackers to enter your system without you realizing it.
3. They boost the chat on Google
By making the AI chat public and paying a small fee, the conversation appears high in search results.
4. People click it, thinking it’s safe
This technique has already been used to spread a Mac malware called AMOS.
The AMOS Mac attack
Huntress found that one user searching for help with a full Mac storage clicked a sponsored ChatGPT result. The AI chat told them to run a terminal command. Once they did:
The command gave attackers access and allowed them to install the AMOS malware.
Researchers later tested both ChatGPT and Grok, and found that both could be manipulated into repeating the same harmful pattern.
Also read: Beware of fake Microsoft emails that look exactly like real Why this matters
This hack combines two things people usually trust:
The mix makes it easier for attackers to disguise malware as helpful advice, and harder for regular users to tell the difference.
How to stay safe
You don’t need to be a cybersecurity expert. You only need to remember one rule:
Never copy-paste a command into your terminal unless you fully understand what it does.
Even if the command appears in:
Just don’t run it unless you’re sure.
Also read: Fraud in the name of hotel booking, how scammers trap people As Huntress researchers put it:
Unknowing users are being guided into hacking their own devices.
Hackers aren’t breaking into AI systems; they’re tricking the AI into tricking you. So be curious, be cautious, and most importantly, never trust a terminal command you didn’t verify.
Copyright © 2024-25 DB Corp ltd., All Rights Reserved
This website follows the DNPA Code of Ethics.
