comscore
हिंदी
  • Home
  • News
  • Hackers Push Fake ChatGPT Atlas Browser Via Search Ads To Steal Passwords: Report

Hackers Push Fake ChatGPT Atlas Browser Via Search Ads To Steal Passwords: Report

A fake ChatGPT Atlas browser is being promoted through search ads, tricking users into running a terminal command that steals stored passwords and system credentials.

Edited By: Divya | Published By: Divya | Published: Dec 12, 2025, 12:02 AM (IST)

ChatGPT Atlas
  • whatsapp
  • twitter
  • facebook
  • whatsapp
  • twitter
  • facebook

A new scam is circulating online, and this time, it’s targeting people searching for the “ChatGPT Atlas” browser. Security researchers have spotted a convincing fake version being pushed through search ads – one that looks polished on the surface but is designed purely to steal your system passwords and account logins.

If you’ve been downloading tools or AI apps lately, this is one to be careful about.

How the fake Atlas browser tricks users

As per a Chinese report, research firm Fable first reported the scam, warning that the attackers aren’t using any advanced hacking tricks. Instead, they rely on something far simpler: user trust. The scam starts with a sponsored search ad. It shows a clean-looking link offering the “ChatGPT Atlas browser,” complete with matching branding and visuals. When users click on it, they land on a site that looks nearly identical to the real thing – layout, colours, copywriting, everything.

But there’s one giveaway: the domain sits on Google Sites. According to the researchers, attackers often clone real websites using automated tools and host them on Google Sites to appear more legitimate – especially for users who assume “Google = safe.”

Where things turn dangerous

The danger begins at the download button. Instead of providing a normal installer (.dmg or .exe), the fake page instructs users to copy and paste a command into their system terminal. For anyone who spends time around code, this is an immediate red flag. But for users who aren’t familiar with terminal commands, it may look like an expected installation step.

The command itself is disguised as a harmless base64 string. When pasted, it gets decoded and executed through curl and bash. This triggers a prompt asking for your administrator password. The moment you enter it, the malware gains full sudo access and installs a second-stage payload.

From that point forward, the attacker can scrape browser-stored passwords, login sessions, and other sensitive information from the device. Researchers say this method resembles older ClickFix-style social engineering attacks – not technically complex, just highly effective because it preys on trust.

How to avoid falling for it

A simple rule helps you avoid this entire scam — No legitimate app will ever ask you to paste terminal commands from a website.

Trending Now

Always check the domain, avoid downloading software from ads, and stick to official developer links. A few seconds of caution can prevent a very stressful cleanup later.