JAKARTA - Artificial intelligence-assisted malware attacks have begun to target Mac users. Mosyle, an Apple device management company, has revealed a new macOS malware campaign called SimpleStealth that spreads through a fake AI app posing as Grok.

In its findings, Mosyle explained that the attack uses a fake website that mimics xAI's Grok AI application. Victims are directed to download a malicious macOS installer named Grok.dmg from the fake domain xaillc[.]com rather than from the official Mac App Store.

The fake application looks and functions like the original software. Behind that appearance, however, a hidden process runs in the background. When it was first discovered, the malware was not detected by most major antivirus engines.

The attack relies on ordinary social engineering: it asks the user to enter the system password during what appears to be a normal installation. Once that access is granted, the malware bypasses macOS quarantine protection and runs the actual malicious payload.

Once installed, SimpleStealth runs a Monero cryptocurrency miner in stealth mode. Mining is active only when the Mac has been idle for at least one minute and stops as soon as the user resumes activity, which makes it difficult to notice.

To disguise itself, the malware masquerades as legitimate macOS system processes such as kernel_task and launchd. This camouflage makes the suspicious behavior hard to recognize through routine system monitoring.
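One defensive check that follows from the masquerading described above, written here as an added example and not taken from Mosyle's report: the real kernel_task is PID 0 and the real launchd is PID 1 running from /sbin/launchd (an assumed baseline), so any other process carrying those names is worth a closer look. The input format, pid / process name / executable path, is assumed to come from a `ps -axo pid=,ucomm=,comm=` listing on macOS; the sample lines below are constructed.

```shell
#!/bin/sh
# Flag processes that borrow the names of macOS system processes but do
# not match where those processes really run. Added example, not part of
# the original report.
#
# Expected input on stdin, one process per line: "<pid> <name> <path>".
# Assumed baseline: kernel_task is PID 0 (no on-disk path) and launchd is
# PID 1 running from /sbin/launchd. Anything else using those names is
# printed as "IMPOSTOR: <line>".

find_impostors() {
    while read -r pid name path; do
        case "$name" in
            kernel_task)
                if [ "$pid" != "0" ]; then
                    echo "IMPOSTOR: $pid $name $path"
                fi
                ;;
            launchd)
                case "$pid:$path" in
                    1:/sbin/launchd) ;;                 # legitimate launchd
                    *) echo "IMPOSTOR: $pid $name $path" ;;
                esac
                ;;
        esac
    done
}

# Constructed sample listing: two legitimate system processes, two
# look-alikes started from a user-writable cache directory, and an
# unrelated app. The paths are made up for the example.
SAMPLE_PS="0 kernel_task
1 launchd /sbin/launchd
512 kernel_task /Users/demo/Library/Caches/.x/kernel_task
513 launchd /Users/demo/Library/Caches/.x/launchd
600 Grok /Applications/Grok.app/Contents/MacOS/Grok"

printf '%s\n' "$SAMPLE_PS" | find_impostors
```

On a live system the same function can be fed the real listing (`ps -axo pid=,ucomm=,comm= | find_impostors`); it is a triage aid, not a replacement for the behavioral monitoring Mosyle recommends.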

Mosyle researchers also found strong indications that the malware code was written with the help of generative AI. Its code structure, overly detailed comments, repetitive logic and mixture of English and Brazilian Portuguese are judged to closely resemble the output of large language models.

The finding reinforces concerns that generative AI is accelerating malware development by lowering the technical barrier for cybercriminals. Mosyle warns that macOS threats could emerge faster and more frequently, even if each individual variant is relatively simple.

To reduce the risk, Mosyle recommends that Mac users download apps only from the Mac App Store or directly from trusted developers' official domains. Users should also be more suspicious when an application asks for the system password during installation, especially when the request has nothing to do with the app's main function.

For organizations, device management tools and behavioral monitoring are considered important for detecting suspicious activity that often escapes traditional antivirus, especially as AI-assisted malware continues to develop.

The English, Chinese, Japanese, Arabic and French versions are generated automatically by AI, so the translations may still contain inaccuracies; please treat the Indonesian version as our primary text. (System supported by DigitalSiber.id)