Mac users are being targeted by a fake Grok app, and it's powered by AI

A fake Grok AI download is being used to quietly infect Macs.

There's a new macOS malware campaign going on. The campaign uses code written with the help of generative AI, and the malware spreads to unsuspecting Mac users through a fake AI app download. 

New Mac malware is written with the help of AI 


Mosyle reports that the malware campaign is currently named SimpleStealth. The attack takes advantage of a fake website posing as the home of the Grok AI app (X's AI chatbot). On that website, users are tricked into downloading a malicious macOS installer that pretends to be the Grok app.

This fake Grok app is being distributed through a website that's made to resemble the real deal, not through the Mac App Store. The attackers are reportedly using the domain "xaillc[.]com" for their fake website. There, the Grok AI app is being impersonated, and users are prompted to download a malicious installer named Grok.dmg.


The real Grok is an AI chatbot that's designed by xAI and is integrated with the X social media platform. It's a chatbot assistant that answers questions, analyzes stories, and generates text – basically your normal AI chatbot.


The malicious app behaves like the legit software. However, it runs hidden processes in the background that users aren't aware of. 



Mosyle also highlights that when the malware was discovered, it was going undetected by major antivirus programs. The malware uses good old social engineering, prompting users for their system password during what looks like a normal setup process. Yep, that's bad.

Once the user gives their password to the app, the malware can then bypass macOS quarantine protection and install its malicious files on the user's system. 

What does SimpleStealth do? 


Once the malware is installed, it deploys a Monero cryptocurrency miner that's made to be invisible. It starts mining only when the user has been idle for at least a minute, and it's designed to stop when the user returns, so that its activity goes unnoticed. 

The miner is also designed to look like a common macOS system process, like kernel_task or launchd. This makes it even harder to spot with basic system monitoring tools.
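
Borrowing a system process name does not change where the program actually runs from, so a name-versus-location check can catch this kind of disguise. The following is an added example, not code from Mosyle or from the malware: it assumes that the genuine kernel_task is PID 0 and the genuine launchd is PID 1 at /sbin/launchd, both owned by root, and it runs over constructed sample rows shaped like `ps -axo pid=,ppid=,user=,comm=` output.

```python
import os

# Assumption: on stock macOS the genuine kernel_task is PID 0 and the genuine
# launchd is PID 1 at /sbin/launchd, both owned by root.
EXPECTED = {
    "kernel_task": (0, "kernel_task"),
    "launchd": (1, "/sbin/launchd"),
}

# Constructed sample shaped like `ps -axo pid=,ppid=,user=,comm=` output.
SAMPLE_PS = """\
    0     0 root   kernel_task
    1     0 root   /sbin/launchd
  412     1 alice  /Applications/Notes.app/Contents/MacOS/Notes
 2231     1 alice  /Users/alice/Library/Application Support/.sys/kernel_task
 2240  2231 alice  /private/tmp/launchd
"""

def parse_ps(text):
    """Turn ps rows into dicts; the command path may contain spaces."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4:
            pid, ppid, user, path = parts
            rows.append({"pid": int(pid), "ppid": int(ppid),
                         "user": user, "path": path.strip()})
    return rows

def find_masquerades(rows):
    """Return (pid, path, reasons) for processes borrowing a system name."""
    findings = []
    for row in rows:
        expected = EXPECTED.get(os.path.basename(row["path"]))
        if expected is None:
            continue
        exp_pid, exp_path = expected
        reasons = []
        if row["pid"] != exp_pid:
            reasons.append(f"pid {row['pid']} is not {exp_pid}")
        if row["path"] != exp_path:
            reasons.append("unexpected executable path")
        if row["user"] != "root":
            reasons.append(f"runs as {row['user']}, not root")
        if reasons:
            findings.append((row["pid"], row["path"], reasons))
    return findings

if __name__ == "__main__":
    for pid, path, reasons in find_masquerades(parse_ps(SAMPLE_PS)):
        print(pid, path, "; ".join(reasons))
```
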

According to Mosyle, there are signs of generative AI assistance in the code for this malware. The code reportedly includes repetitive logic, verbose explanations, and, on top of that, a mix of English and Brazilian Portuguese. All of this indicates that an LLM has helped with the creation of the malware. 

Unfortunately, this indicates that generative AI can speed up the development of malware and help people who are not as technically advanced make malware. Obviously, that could create more macOS threats. Luckily, for now, many of these examples are relatively simple.

How to protect yourself and your Mac


The steps to protect yourself are generally simple. First and foremost, avoid downloading apps from third-party websites, and if you do, pay very close attention to the website you're downloading from. Try to stick to the Mac App Store or websites of official, trusted developers with verified domains. 

Your Mac has baseline protection and built-in security. However, don't assume these protections can save you from anything. Be extremely cautious if an app asks you for a system password during setup, especially if the request seems unrelated to the app's main purpose. 

This new Mac malware shows that AI is changing the threat game


What worries me most here isn't just the fake app. It's actually how easily this kind of attack can now be made. If AI can help write malware faster and make it look more believable, more people will fall for it. A fake AI app feels especially sneaky, because curiosity often wins and people trust tools with “AI” in the name. One wrong download, one password typed in without thinking, and the damage is done.

This is also a good reminder that Macs aren't magically safe. Apple's built-in protections help, but they're not a shield against bad decisions or clever social tricks. If anything, this makes me more cautious than before. Download apps from trusted places, double-check websites, and pause before entering your system password. AI is making software smarter – but sadly, it's also making scams smarter too.