Malvertising Campaign Targets Mac Users via Fake Claude.ai Ads and Shared Chats


Cybercriminals have launched a sophisticated malvertising campaign that exploits both Google Ads and legitimate Claude.ai shared chats to deliver malware to Mac users. The attack targets individuals searching for 'Claude mac download' by presenting sponsored search results that appear to link directly to the official Claude.ai website, but instead redirect victims through a chain of deceptive pages leading to malicious downloads. This campaign highlights the evolving tactics used by attackers to bypass traditional security measures and leverage trusted platforms for distribution.

How the Attack Works

The campaign begins when a user searches for 'Claude mac download' on Google. The sponsored results list Claude.ai as the target URL, but the actual destination is controlled by the attackers. Instead of landing on the legitimate Claude.ai download page, victims are redirected to a fake site that mimics the official appearance or, in some cases, to a page hosted on Claude.ai's shared chat feature.

Source: www.bleepingcomputer.com

Google Ads Spoofing Claude.ai

The attackers purchase Google Ads that include Claude.ai's official domain in the display URL, tricking users into clicking. These ads are carefully crafted to appear authentic, using correct branding and language. Once clicked, the ad redirects through multiple intermediate URLs to evade detection and eventually leads to a page that instructs users to download a malicious installer. The use of Google Ads allows the attackers to reach a large audience quickly, as sponsored results appear prominently at the top of search results.

Abuse of Shared Chats on Claude.ai

In a novel twist, the attackers also leverage legitimate Claude.ai shared chats as landing pages. These shared chats are intended for collaboration and sharing conversations, but the attackers use them to host content that appears trustworthy. The shared chat pages contain instructions or links that guide users to download the malware, often disguised as a necessary component for running Claude on a Mac. Because the chats are hosted on the authentic Claude.ai domain, they evade many URL scanners and security filters, making the attack more convincing.

The Malware Delivered

Once the victim follows the instructions on the fake page or shared chat, they download a disk image (.dmg) file. This file contains a malicious payload—typically a variant of known macOS malware such as Atomic Stealer (AMOS) or a custom backdoor. The malware installs itself silently, often asking for permissions that it shouldn't need, such as accessibility or full disk access. After installation, it collects sensitive information including browser credentials, cryptocurrency wallet data, system files, and cookies, and exfiltrates them to a command-and-control server. Newer variants may also include keylogging and screen capture capabilities.

Who Is at Risk

Any Mac user searching for Claude.ai software is a potential target. However, the campaign specifically targets those who are less familiar with verifying download sources or who rely on search engine results without checking URLs carefully. Developers, researchers, and AI enthusiasts are particularly at risk due to their interest in Claude. Additionally, users who click on sponsored ads without scrutiny are more vulnerable.


How to Protect Yourself

To avoid falling victim to this malvertising campaign, follow these cybersecurity best practices:

  • Verify URLs before clicking. Hover over sponsored links to check the actual destination. Only download software from the official source—in this case, claude.ai directly.
  • Use ad blockers. Tools that block sponsored ads reduce exposure to malvertising significantly.
  • Be cautious of shared chats. Even if a page is hosted on a legitimate domain like claude.ai, it may be abused. Do not download files or follow unverified instructions from shared chat links.
  • Keep macOS updated. Regular updates include security patches that can block known malware variants.
  • Install reputable security software. Antivirus and anti-malware tools can detect and block malicious downloads.
  • Check digital signatures. When downloading software, verify that the developer is legitimate and the app is notarized by Apple.
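
The signature and notarization check from the last item, as an added example that is not part of the original article: it runs Gatekeeper's assessment on a downloaded disk image and trusts it only when the result is a notarized Developer ID signature from the expected team. `EXPECTED_TEAM_ID`, the value `TEAMID0000` and the sample `spctl` outputs are constructed placeholders; take the real Team ID from the vendor.

```bash
#!/usr/bin/env bash
# Added example. TEAMID0000 is a placeholder, not a real vendor's Team ID.
EXPECTED_TEAM_ID="${EXPECTED_TEAM_ID:-TEAMID0000}"

# Constructed samples of `spctl -a -vv` output (not captured from real files).
SAMPLE_OK='download.dmg: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Vendor (TEAMID0000)'
SAMPLE_UNNOTARIZED='download.dmg: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Other Party (ZZZZ999999)'
SAMPLE_WRONG_TEAM='download.dmg: accepted
source=Notarized Developer ID
origin=Developer ID Application: Other Party (ZZZZ999999)'

# Read spctl output on stdin; print a verdict; return 0 only when trusted.
gatekeeper_verdict() {
  local expected="$1" line status="" src="" team=""
  while IFS= read -r line; do
    case "$line" in
      *": accepted") status=accepted ;;
      *": rejected") status=rejected ;;
      source=*) src="${line#source=}" ;;
      origin=*\(*\)) team="${line##*\(}"; team="${team%\)}" ;;
    esac
  done
  if [ "$status" != accepted ]; then
    echo "BLOCK: Gatekeeper did not accept the file (${src:-no signature info})"; return 1
  elif [ "$src" != "Notarized Developer ID" ]; then
    echo "BLOCK: signature is not notarized ($src)"; return 1
  elif [ "$team" != "$expected" ]; then
    echo "BLOCK: signed by team ${team:-unknown}, expected $expected"; return 1
  fi
  echo "OK: notarized, team $team"
}

# Assess a real disk image on macOS; spctl writes its result to stderr.
check_download() {
  spctl -a -vv -t open --context context:primary-signature "$1" 2>&1 |
    gatekeeper_verdict "$EXPECTED_TEAM_ID"
}
if [ "$#" -gt 0 ]; then
  check_download "$1"
else  # no file given: evaluate the constructed samples
  for s in "$SAMPLE_OK" "$SAMPLE_UNNOTARIZED" "$SAMPLE_WRONG_TEAM"; do
    printf '%s\n' "$s" | gatekeeper_verdict "$EXPECTED_TEAM_ID" || true
  done
fi
```
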

If you suspect you have been infected, disconnect your Mac from the internet, run a full security scan, and consider resetting passwords from a clean device.

Conclusion

This malvertising campaign demonstrates how attackers continuously refine their techniques, blending deceptive advertising with abuse of legitimate platform features like Claude.ai shared chats. For Mac users, the key takeaway is to always verify the source of software downloads and to be skeptical of sponsored search results, even those that appear to lead to trusted domains. As the line between legitimate and malicious content blurs, staying informed and cautious remains the best defense against such threats.
