AI tools have quickly become part of everyday work in higher education. You might use them to troubleshoot a tech issue, draft a document, prep a lesson, or answer a quick question. That convenience is exactly what attackers are now exploiting.

Recent security research, including reports from Malwarebytes, highlights a growing campaign where malicious Google ads and search results direct macOS users to poisoned AI chat conversations. These chats appear helpful, but they ultimately lead users to install malware known as the AMOS infostealer. Nothing is “wrong” with AI itself; instead, your trust in AI-style answers is being used against you.

How This Works (and Why It’s So Convincing)

Here’s what typically happens. You search Google for something routine, like freeing up disk space or fixing a macOS issue. Near the top of the results, often marked as a sponsored ad, you see what looks like a shared AI chat response. It reads clearly, confidently, and professionally.

The final step is the trap. The “AI” suggests copying and pasting a Terminal command to fix the problem. When you run it, the command quietly downloads and installs malware. Because you initiated the action, the usual browser warnings or download alerts may never appear.

This works because it mirrors how many of us already use AI. You ask a question. You trust the response. You act.

Why This Matters on Campus

If you work in higher education, you’re especially exposed to this kind of attack. You’re encouraged to be resourceful and independent. You’re likely comfortable following technical instructions. And you probably use AI tools often enough that they feel familiar and safe.

Attackers rely on that comfort.

This isn’t the classic phishing email full of typos and a sense of urgency. There’s no strange sender or alarming language. Instead, there’s a calm, authoritative AI answer that looks exactly like the kind of help you’ve come to expect.

The Bigger Risk: Habits We Don’t Question

The biggest risk isn’t just this one malware campaign. It’s the habit it reinforces.

Copying and pasting commands from search results or AI chats is becoming normal. In technical roles, it’s already second nature. In non-technical roles, AI has made troubleshooting feel effortless. When those habits go unchecked, they create an easy path for attackers to exploit.

Once malware like AMOS is installed, it can steal saved passwords, browser data, and credentials, including access to systems that matter far beyond your own device.

What You Can Do Right Now

You don’t need to stop using AI, and you don’t need to become a security expert. Small shifts in behavior make a big difference. 

  • Be cautious with sponsored search results.
    Ads can look identical to legitimate links. If something matters, scroll past the ads and verify the source. 
  • Pause before running Terminal commands.
    If an AI chat or website tells you to copy and paste a command you don’t understand, stop. That moment of hesitation is often the difference between safe and compromised. 
  • Treat shared AI chats like any other unknown link.
    Just because something looks like an AI conversation doesn’t mean it’s trustworthy or complete. 
  • Use trusted campus resources when troubleshooting.
    Use Chapman University approved AI Software such as PantherAI, listed on Chapman University’s AI Hub. Contact the IS&T Service Desk for technical troubleshooting. 
  • Keep your software and security tools up to date.
    Many of these attacks rely on users bypassing safeguards. Software updates and real-time protection help catch what slips through. 

AI is becoming embedded in how you teach, work, learn, and solve problems. That’s not changing. What can change is how you evaluate AI-generated guidance. AI can be a powerful assistant, but it shouldn’t replace your judgment, especially when it asks you to take actions that affect your system or your credentials.

The more intentional you are about how you use AI, the harder it becomes for attackers to take advantage of the trust you’ve built with these tools.

Report any suspicious or malicious message to abuse@chapman.edu.