A new campaign exploits Google search ads to direct macOS users to malicious ChatGPT and Grok conversations. These chats contain instructions that, when executed, install the AMOS infostealer malware, compromising sensitive information. Users are advised to be cautious and avoid running unknown commands.

Threat actors are distributing a fraudulent PDF editing application named AppSuite PDF Editor, which delivers the TamperedChef info-stealer malware. This campaign, supported by Google ads and utilizing fraudulent certificates, has been orchestrated to maximize downloads before activating the malicious components that collect sensitive data and turn systems into residential proxies. Researchers warn that the operation involves multiple apps, some potentially yet to be weaponized, posing ongoing risks to users.