Picture this: you search Google for a quick fix to your Mac storage woes, only to find the top results, polished, sponsored, and apparently trustworthy, lead you straight into the jaws of malware. This is the reality of GoogleFix, an evolved malvertising campaign that hijacks reputable brands and platforms to deliver the AMOS infostealer. In just the past month, we tracked over a dozen unrelated businesses, dentists, yoga studios, even churches, unwittingly sponsoring malicious tech support lures. The attackers bypass traditional detection by abusing legitimate ad accounts and publishing on platforms like Medium, Evernote, Grammarly, and AI chat tools.
The campaign’s technical ingenuity lies in its seamless blending of social engineering, ad account hijacking, and multi-layered obfuscation. Not just another tech support scam, GoogleFix weaponizes the very trust users place in familiar brands and platforms. In this report, we unpack how the operation works, the scale of its reach, and why the abuse of sponsored results and AI chat sharing features raises many red flags that need serious consideration.
Malvertising on Google is nothing new, but every so often, attackers find a way to break through the collective skepticism that years of scammy popups and fake antivirus warnings have built up. A few months ago, we documented the rise of the ClickFix technique: from fake "Browser" updates, moving on to fake CAPTCHA overlays that tricked users into pasting malicious code into their terminal. It was clever, but limited in reach. Now, we’re witnessing yet another evolution, "GoogleFix", a campaign that has industrialized the concept and supercharged it with scale, automation, and (even more) trust abuse.
The GoogleFix operation is refreshingly unoriginal in its social engineering: it simply tells users to run a command to "fix" their Mac. The innovation is in the distribution. Instead of sponsoring captcha-like pop-up ads or having compromised sites add fake captchas to their visitors, GoogleFix leverages sponsored Google search results, placing its lures above even Apple’s own support links. The threat actors are actually (ab)using the world's most advanced advertising giant to reach thier victims! And the lure? A single-line bash or zsh command, often obfuscated, that fetches and runs the AMOS infostealer. What began as a niche trick is now a turnkey, industrialized pipeline for the delivery of Mac malware. And not only Mac.
And the lure itself? Not a fake captcha, as attackers moved to full-blown, AI-generated tech-support pages with perfect branding and design. These are not fly-by-night scam sites, but content hosted on Medium, Evernote, Grammarly, Claude, Kimi, Writesonic, and other trusted platforms. The malicious "stealer-installing" instructions are dressed up with real branding and plausible language, making them indistinguishable from legitimate help articles at a glance. The result, massive reach, high click-through, and a malware campaign hiding in plain sight.
If you’ve searched for "mac storage fix" or "how to clean up my mac drive" recently, you’ve likely seen it: the top sponsored results are not from Apple or reputable tech publications, but from yoga studios, dentists, logistics firms, and churches. It would be funny if it weren’t so dangerous. This reveals a systematic abuse of Google Ads, where legitimate advertiser accounts are hijacked or compromised to serve malicious links for IT support lures.
Take, for example, Max-Flow Seamless Gutters Inc. and NFI L.P. Logistics Company, neither of whom have any business offering Mac troubleshooting advice. Their ad accounts, verified by Google, have been quietly subverted to promote sponsored links that redirect to malicious pages on platforms like Kimi or Medium.
In one case, a Texas yoga studio’s ad account was used to sponsor a Writesonic-hosted tech support page. A Saudi Arabian school, a Belgian energy firm, and an Irish nursery all joined the unwitting sponsor list, their reputations lending false credibility to the attack and probably also aiding in getting under Google's radar as well.
What’s more, these malicious ads often blend seamlessly with legitimate marketing campaigns, buried among dozens of unrelated promotions. Even the account owners may not realize their ads have been weaponized, as the rogue campaigns are sometimes found to be hidden from standard Ad transparency views. The sponsored content appears above Apple’s own support links, making it the first port of call for thousands of users seeking help. The attackers rotate between accounts and platforms, ensuring persistence even as individual ads are reported and removed.
Here is just a short list of found compromised advertisers observed in recent days:
And the list keeps growing daily. Here at Guardio, we tried to reach those account owners, without success yet, but we will keep on trying.
The absurdity of a plumber or a church sponsoring Apple support lures is not a bug, it’s the point.
The result is a perfect storm: a user searching for tech help finds a sponsored link that appears reputable and lands on a page hosted by a trusted platform. The abused trust chain continues.
As defenders, we’re trained to look for sketchy URLs, typo-squatted domains, and hastily built scam sites. GoogleFix throws all that out the window. Every stage of the campaign exploits the trust and reach of reputable platforms - starting with Google and now continues with Medium, dev.to, Evernote, Grammarly, Claude, Kimi, Writesonic, Google Docs, and more. Attackers create user-generated content that impersonates Apple Support (or Microsoft, Claude, and so on), complete with logos and plausible instructions. Some are AI-generated, some are simply copy-pasted from the real sites with minimal editing to introduce those malicious commands for us, victims, to copy and execute.
It's worth noting that AI chat tools add a disturbing twist as well. Platforms like Claude and Kimi allow users to generate, share, and publish "chat-branded" content with just a few clicks. We've seen several AI Chat features abused here, leading us to believe the malicious commands shared are actually authentic AI-generated knowledge that we blindly trust.
One way to do that is to ask the AI to generate a simple web page that looks like the real thing, but with content controlled by attackers. Then, abuse the "Share Artifact" feature, which actually hosts the fake-branded "support" page on the AI platform directly - like those examples created with 2-3 crafted prompts on Claude. By the way, analyzing some of those Claude-generated artifacts showed a number of scripts with Russian-language comments, clearly indicating the likely region of origin for at least some of the operation here.
Another more powerful trick is prompt engineering, which allows an AI assistant to say exactly what you want it to say (e.g., deliver malicious commands as actual solutions to storage issues) and then engineer the shared chat to make it look like that was the actual answer from that AI assistant. How? Well, this is simply a design flaw in that "share chat" feature that AI companies should really just disable! Seems like when you share a chat, you can select which questions/answers are to be shared - thus, just select a question you typed in earlier ("How to fix my Mac?") and then select only the chat's answer you designed it to say later on. And Voilà - you've just created a chat session that is totally manipulated, yet looks real and authentic:
This cross-platform hosting does more than boost credibility. It can actually defeat most automated detection systems based on domain and URL reputation. Even when a platform responds to abuse reports (as Grammarly did quickly after our outreach), attackers simply create new accounts and repost the same lure a day later. A more robust solution is required on the user endpoint, and it is clearly also required on the platform's end.
All roads in GoogleFix lead to a single destination: the AMOS infostealer. The bash or zsh command pasted by the victim into their terminals starts a chain reaction of obfuscated commands designed to evade static analysis. But the core action is simple: download a payload from a rotating set of attacker-controlled domains (kayeart[.]com, biopranica[.]com, contactoplus[.]com, and others), make it executable, and run it.
When we dug deeper, we finally got the actual MacO executable that is deployed and executed on victims' machines following this simple first bash command. Realizing what it actually does was quite simple at this point, when all clues pointed to the infamous piece of weaponized software known as AMOS (Atomic macOS Stealer). This infostealer is a full-spectrum data raider for macOS, and once executed, it compromises a wide range of data right from your Mac device:Once executed, it:
In the sample we investigated, the exfiltration IP was 47.77.216.11, which sits on Alibaba Cloud US-West. A deliberate choice exploiting jurisdictional friction between a Chinese-owned provider and Western law enforcement, with historically slow abuse response times. Both the IP range and the "clean-room" profile of this server (VPN tunneling, custom port 5543, no DNS/domains) are consistent with COOKIE SPIDER, a Russian-speaking group first cataloged by CrowdStrike that sells AMOS as a $3K/month MaaS (Malware-as-a-Service) on Telegram. This is consistent with the Russian Language comments we found on lure websites earlier.
At this point, "all your bases are belong to us" - or to the Russians? But the cycle doesn’t end there. Stolen browser sessions and credentials are reused to compromise more ad accounts, allowing the campaign to propagate with fresh victims and new infrastructure. The campaign is self-sustaining; each infection feeds the next.
GoogleFix is a sobering reminder that the most effective attacks are often the least technical, they are the ones that exploit our trust in brands, platforms, and the very infrastructure of the web. Sponsored results aren’t just a marketing annoyance; they have become a high-leverage vehicle for malware distribution, bypassing both user skepticism and enterprise filtering. Here we saw how attackers actually weaponize the reputation of plumbers, yoga studios, schools, and even churches, turning them into unwitting accomplices in the spread of Inforstealers.
The lesson is clear: Google and similar platforms must do more than just verify advertiser identities. There must be, at minimum, real-time, content-aware moderation, and anomaly detection when a local business suddenly sponsors tech support write-ups for Mac users instead of the usual Gutters cleanup services.
On the other hand, as AI chat and content-sharing services proliferate, these risks will only grow. The ability to instantly publish and share AI-generated instructions, backed by the trust of a household brand, creates a perfect storm for abuse.
For defenders and users alike, vigilance is no longer just about avoiding sketchy URLs. Even the most familiar platforms can become attack vectors, especially when their sharing features are open to manipulation. At Guardio Labs, our mission is to expose these patterns, close the gaps, and push the ecosystem toward real accountability. GoogleFix is not an isolated incident; it’s a blueprint for the next generation of malvertising and a call to rethink what we trust online.
# Fake Support Pages
https://apple-macos-slow.medium.com/apple-official-team-9699744aef70
https://apple-mac-disk-space.medium.com/apple-official-team-01b62088fc38
https://mac-memory-file-tips-168102.medium.com/224134566-f96ac938764a
https://claude.ai/public/artifacts/e747da71-02b9-4533-b1de-c7ba9b9de24b
https://claude.ai/public/artifacts/8171d19f-bd21-437f-a228-0b1ccc3268a1
https://apple-storage-guide.mssg.me/
https://macos-storage-fixed.medium.com/3921-a3542255edbc
https://dev.to/support1092/optimize-storage-space-on-mac-2c20
https://www.kimi.com/share/19c6bb4b-2602-8cf2-8000-0000eb59915a
https://lite.evernote.com/note/fa011072-9c69-93f3-5345-2611b4d62b19
https://use.ai/7u9SHG4ElSeidFRf
https://www.kimi.com/share/19c74fc0-b6a2-8366-8000-00001d927337
https://app.writesonic.com/share/writing-assistant/b92e350e-6dc1-4000-ae60-dca3a74ded80
https://lite.evernote.com/note/f8ea3d64-8c1e-f7ef-06fc-6123721c5847
https://www.kimi.com/share/19c76058-43d2-824b-8000-0000b7419bd7
https://coda.grammarly.com/d/Mac-Disk-Cleanup-Guide_dZPSM5-gVku/Mac-Disk-Cleanup-Guide_su4duOul
https://app.writesonic.com/share/writing-assistant/b92e350e-6dc1-4000-ae60-dca3a74ded80
https://coda.grammarly.com/d/Mac-Disk-Cleanup-Guide_drzezHrIEvr/Mac-Disk-Cleanup-Guide_sulKsYvF
https://coda.grammarly.com/d/Mac-Disk-Cleanup_d_8064fRBSR/Mac-Disk-Cleanup_suHRaiUA
https://app.writesonic.com/share/writing-assistant/ac28fb43-b938-4caf-8307-eaaa4ad3235e
# Attacker Infra
47.77.216.11
https://kayeart.com/curl/73fffa64010ef814a909a7f0f2cacad58ad5a2b238564d86e96e7f790cbd1edc
https://kayeart.com/cleaner3/update
http://91.92.242.30/dyrtvwjfveyxjf23
http://91.92.242.30/q0c7ew2ro8l2cfqp
http://91.92.242.30/66hfqv0uye23dkt2
http://hostjnger.com/curl/04245639b3c0cc0998f5bb87b1c60c5f2f4c9fe500fdcd507aaa934c2ac7b5bf
https://crbug.com/414348233
https://biopranica.com/curl/492f197c63aad52b19fb8b367be7425ac41ec7d9297d5d9a81de2ce6efe814bb
https://biopranica.com/curl/4e18482b2d3b989471791317310c33bb86fb00686a91e0155b44c3ad13bbb7f2
https://contactoplus.com/curl/ccc6a13c51c82b72fcfc40fff803444769c5606c65cc26819acc91c2f44cda04
# Analyzed Hashes
09bfde65a68717ddd65f50dd828dfaf437a292d7439864cbc91d5d9d8ff85a6b
