Threat actors are running an active malvertising campaign that exploits Google Ads and Anthropic's Claude.ai shared chat feature to distribute Mac malware. Users searching for "Claude mac download" encounter sponsored Google search results that appear to link to claude.ai, but the ads lead to malicious instructions that install malware on macOS systems.
The attackers leverage two legitimate platforms to establish credibility. Google Ads placement gives the malicious links organic appearance within search results, while Claude.ai's shared chat functionality provides a seemingly trustworthy distribution vector. This combination exploits user trust in both Google's advertising ecosystem and Anthropic's AI platform.
The malware targets macOS users specifically, indicating that the attackers focus on Macs despite their smaller market share. This selective targeting suggests that the malware either exploits Mac-specific vulnerabilities or delivers payloads that are valuable on macOS devices, such as infostealers, cryptominers, or remote access trojans.
The campaign operates at scale. Google Ads allows attackers to bid on high-intent search terms like "Claude mac download," placing malicious links directly in front of users actively seeking Claude downloads. This search hijacking technique delivers victims to threat actors without requiring phishing emails or social engineering beyond the initial ad placement.
Anthropic's shared chat feature compounds the problem. Threat actors create public Claude.ai conversations containing malware installation instructions, so the links sit within the platform's own infrastructure. Users who follow instructions from what appears to be Anthropic's own service are less likely to be suspicious.
Organizations and individuals face escalating risk from malvertising. Brand-name searches increasingly lead to malicious destinations rather than legitimate sites. Mac users installing software from apparently legitimate sources now need to verify it beyond the URL or the platform's appearance. Defenders should validate download sources directly through official websites rather than search results, enable script-blocking extensions, and maintain updated endpoint security on macOS systems.
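The advice above, "verify beyond URL or platform appearance", can be turned into a simple triage check. The following script is an added example written for this page, not code from the article or from Anthropic: it classifies candidate download URLs against an allowlist of official vendor domains, flags hosts that merely contain the brand name (lookalikes), and separates vendor-published paths from user-generated content on an otherwise trusted domain. The allowlist entries, the `/share/` path prefix, and the sample URLs are constructed assumptions; adapt them to the vendor and the URL layout you actually see.

```python
from urllib.parse import urlparse

# Constructed allowlist of domains treated as official download sources.
# claude.ai is named in the article; anthropic.com is the vendor's corporate domain.
OFFICIAL_DOMAINS = {"claude.ai", "anthropic.com"}

# Brand tokens used to spot lookalike hosts such as claude-download.example.
BRAND_TOKENS = ("claude", "anthropic")

# Assumed placeholder: path prefixes under which a trusted domain hosts
# user-generated content (shared chats) rather than vendor-published files.
USER_CONTENT_PREFIXES = ("/share/",)

# Constructed sample input: what a user might find in sponsored results.
SAMPLE_URLS = [
    "https://claude.ai/download",
    "https://www.anthropic.com/claude",
    "https://claude.ai/share/abc123",
    "https://claude.ai.download-mac.example/get",
    "https://cdn-files.example/installer.dmg",
    "http://claude.ai/download",
]


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: last two labels of the host (no public-suffix list,
    so multi-part suffixes like co.uk are not handled)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_download_url(url: str) -> str:
    """Classify a candidate download URL from a defender's point of view.

    Returns one of:
      'official'     - allowlisted vendor domain, vendor-published path
      'user-content' - allowlisted domain, but a path holding user-generated content
      'lookalike'    - host not allowlisted yet contains a brand token
      'untrusted'    - anything else (including non-https)
    """
    parsed = urlparse(url if "://" in url else "https://" + url)
    host = (parsed.hostname or "").lower()
    if not host or parsed.scheme != "https":
        return "untrusted"
    base = registrable_domain(host)
    if base in OFFICIAL_DOMAINS:
        # A brand string in a subdomain proves nothing; only the registrable
        # domain is compared against the allowlist.
        if any(parsed.path.startswith(p) for p in USER_CONTENT_PREFIXES):
            return "user-content"
        return "official"
    if any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"
    return "untrusted"


def triage(urls):
    """Return (verdict per url, list of urls that should not be installed from)."""
    verdicts = {u: classify_download_url(u) for u in urls}
    blocked = [u for u, v in verdicts.items() if v != "official"]
    return verdicts, blocked


if __name__ == "__main__":
    verdicts, blocked = triage(SAMPLE_URLS)
    for u, v in verdicts.items():
        print(f"{v:13s} {u}")
    print(f"\n{len(blocked)} of {len(SAMPLE_URLS)} URLs should not be used as a download source")
```

Only the registrable domain is compared against the allowlist, which is why `claude.ai.download-mac.example` is reported as a lookalike rather than official; the same rule applied in a web proxy or EDR URL filter catches the ad-to-lookalike pattern the article describes. The user-content class is there because a trusted domain can still host attacker-written text, as the shared chat feature shows.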
