Malware News Hackers Abuse Google Ads and Claude.ai Shared Chats to Distribute macOS Malware

[lokamoka820]

Content source

https://www.ghacks.net/2026/05/11/hackers-abuse-google-ads-and-claude-ai-shared-chats-to-distribute-macos-malware/

Attackers are currently running a malvertising campaign that uses Google Ads and legitimate shared chats on Claude.ai to spread macOS infostealer malware. The campaign was identified by Berk Albayrak, a security engineer at Trendyol Group, with BleepingComputer independently confirming a second active version using different infrastructure.

Users searching for "Claude mac download" might see sponsored Google search results directing them to Claude.ai, with the URL appearing legitimate. These links lead to publicly shared Claude chats that appear as official "Claude Code on Mac" installation guides supposedly from Apple Support. The chats instruct users to open Terminal and paste a command, which then silently downloads and executes malware.

At the time of reporting, two separate Claude shared chats involved in this attack were accessible publicly, each using different domains and payloads but sharing an identical social engineering approach.

 

[Wrecker4923]

Bleeping computer has more screenshots:

Hackers abuse Google ads, Claude.ai chats to push Mac malware

Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.

www.bleepingcomputer.com

including Claude.ai MALWARE shared chat: