Hackers Exploit Claude AI and Google Ads to Distribute MacSync Stealer
Threat actors are leveraging Anthropic's Claude AI platform and Google Ads to distribute the MacSync Stealer malware on macOS, tricking users into running malicious commands.

Cybercriminals are employing a sophisticated social engineering scheme that abuses Anthropic's Claude AI and Google Ads to distribute the MacSync Stealer, an information-stealing malware targeting macOS users. The campaign, identified by Zscaler Threat Hunting, begins with malicious Google Ads that appear when users search for terms related to Claude, such as "claude download" or "claude mac." These ads lead unsuspecting users to a shared Claude chat, where the threat actors have impersonated "Apple Support" to gain trust.
The attackers instruct victims to copy and paste a Base64-obfuscated curl command into their Terminal application. This technique, known as "ClickFix," has become a prevalent method for malware operators targeting macOS. The command initiates a multi-stage infection process, silently downloading progressively more potent payloads from attacker-controlled infrastructure while attempting to mask its execution.
Zscaler's analysis revealed that the campaign was active between June 12 and June 19, 2026, utilizing 22 distinct Google Ads campaign IDs and seven specific search terms. The malicious infrastructure was further disguised using domain names that mimicked legitimate U.S. businesses, such as laminate flooring companies and pet sitters, to evade detection by security tools.
Once fully deployed via AppleScript, the MacSync Stealer prompts the user for their macOS password through a fake system dialog. It then systematically harvests a wide range of sensitive data. This includes credentials from Chromium and Gecko-based browsers, password manager extensions, SSH keys, AWS and Kubernetes configurations, Telegram Desktop files, and various document types, particularly those with extensions like .pdf, .wallet, and .kdbx. It also targets cryptocurrency wallet browser extensions and desktop applications.
The stolen data is compressed into 10MB chunks and exfiltrated to a remote server. Following successful data theft, the malware meticulously deletes all traces of its presence on the compromised system. Researchers noted the presence of Russian-language comments within the malware's AppleScript payload, suggesting that the operators behind MacSync Stealer are likely Russian-speaking.
This campaign represents an evolution in the threat actors' tactics, moving from distributing malware through fake "cracked" software to leveraging ClickFix techniques and exploiting AI platforms. It is important to note that Claude itself was not compromised; attackers merely abused its legitimate chat-sharing feature. Anthropic has since been notified, and the malicious chats are no longer accessible.
Security experts advise macOS users to exercise extreme caution when encountering unfamiliar Terminal commands, especially those prompted by search ads or appearing in seemingly legitimate chat interfaces. Always verify software downloads through official websites and treat "fix" prompts from search advertisements with suspicion to avoid falling victim to such attacks.