What happened
Threat actors are abusing publicly shared Claude AI artifacts and Google Ads to deliver infostealer malware to macOS users through ClickFix campaigns. According to researchers at Moonlock Lab and AdGuard, attackers promoted malicious search results that directed users to Claude-generated guides or fake support pages instructing them to run Terminal commands. These commands downloaded and executed a loader for the MacSync infostealer, which steals sensitive data including keychain contents, browser credentials, and cryptocurrency wallet information. The malware packaged stolen data into an archive and transmitted it to attacker-controlled command-and-control infrastructure, retrying exfiltration if initial attempts failed. Researchers observed more than 10,000 users accessing malicious instructions, and the Claude artifact alone received over 15,000 views, demonstrating significant exposure.Â
Who is affected
macOS users who searched for technical tools or utilities and followed instructions in malicious Claude artifacts or related search results are affected, as executing the provided commands enabled installation of the MacSync infostealer and theft of sensitive data.
Why CISOs should care
The campaign demonstrates how attackers can leverage trusted AI platforms like Claude to distribute malicious instructions and deliver infostealer malware, increasing risk to enterprise macOS systems through AI-generated content and search-based delivery channels.
3 practical actions
- Monitor macOS systems for suspicious Terminal activity. Detect unauthorized execution of shell commands that retrieve external payloads.
- Audit macOS endpoints for infostealer indicators. Identify signs of credential harvesting or abnormal archive creation and outbound connections.
- Educate users on AI-generated instructions. Ensure users understand the risks of executing commands from AI-generated guides or search results.