Hackers Spread Malicious Commands Through Chatbots and Ads
Malicious actors create public chat threads in ChatGPT and Grok tailored to popular queries, coerce the AIs into issuing harmful commands, and promote these chats as paid Google search results. As a result, ordinary search results are becoming an attack vector.
By Tetiana Suchkova-Ladik
December 11, 2025 · 1 min read
Cybercriminals are using ChatGPT, Grok and paid ads on Google to widely distribute instructions that perform malicious actions. They publish open dialogues under popular queries and prompt chatbots to generate dangerous commands, then promote these discussions as sponsored results.
Mechanics of attack distribution
Cybersecurity specialists have recorded instances of this approach being used to infect systems. In one case, a user searching for a way to clean a disk came across a chatbot’s response in the search results and executed the suggested command — this led to infection by the macOS malware AMOS.
User vulnerability and advice
The attack did not require downloading a separate file or installing an application: the instruction looked like a routine tip from artificial intelligence. This method bypasses standard defenses because many people trust Google results and chatbot suggestions and do not suspect a risk when copying a command.
One of the sponsored links has already been removed from search, although it remained in the results for at least half a day after the threat was reported. Experts advise not to paste commands into a terminal or browser unless you are 100% sure they are safe.
Alongside this scheme, the number of other threats is rising: the iPhone maker warned about a spyware attack, fake Android apps are stealing money and data, and attackers have also learned to trick the Gemini system to steal users’ information.
