A malvertising campaign reported on 12 May 2026 abuses Google sponsored ads and Anthropic's Claude shared-chat feature to deliver a macOS infostealer to users searching for terms such as "Claude Mac download." The ads display a legitimate claude.ai domain but route victims to attacker-crafted public Claude chats that masquerade as Claude Code installation guides and instruct them to paste a command into Terminal. The command fetches an encrypted, polymorphic script that executes in memory using shell scripts and osascript, leaving minimal disk artifacts. Collected data includes browser cookies, saved credentials, macOS keychain contents, device name, external IP, OS version, and keyboard layout; researchers noted overlap with the MacSync stealer and a routine that aborts execution on Russian or CIS keyboard layouts. At least two variants with distinct infrastructure were observed, and the abusive shared chats remained publicly accessible during the investigation.
- Cybercriminals exploit Google ads and fake Claude AI chats to ta(opens in a new tab)
- Cybercriminals exploit Google ads and fake Claude AI chats to ta(opens in a new tab)