{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/google-ads/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Google Ads","Claude.ai"],"_cs_severities":["high"],"_cs_tags":["malvertising","macos","infostealer","googleads","claudeai"],"_cs_type":"advisory","_cs_vendors":["Google","Anthropic","Apple"],"content_html":"\u003cp\u003eAn active malvertising campaign is leveraging Google Ads and the shared chat functionality of the Claude.ai platform to distribute macOS malware. The attackers create Google Ads that appear when users search for \u0026ldquo;Claude mac download,\u0026rdquo; leading victims to a genuine claude.ai link. However, this link points to a malicious shared chat presenting itself as an official \u0026ldquo;Claude Code on Mac\u0026rdquo; installation guide attributed to \u0026ldquo;Apple Support.\u0026rdquo;  The guide tricks users into copying and pasting a command into their terminal that downloads and executes a shell script. Two variants of the attack have been observed using different infrastructure. The malware exfiltrates browser credentials, cookies, and macOS Keychain contents. This campaign, observed in May 2026, highlights the increasing sophistication of social engineering tactics used to bypass traditional security measures by abusing legitimate services.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker creates a malicious Google Ad targeting users searching for \u0026ldquo;Claude mac download.\u0026rdquo;\u003c/li\u003e\n\u003cli\u003eThe victim clicks on the ad, which leads to a legitimate claude.ai URL hosting a malicious shared chat.\u003c/li\u003e\n\u003cli\u003eThe Claude.ai shared chat poses as an official installation guide for \u0026ldquo;Claude Code on Mac,\u0026rdquo; falsely attributed to Apple Support.\u003c/li\u003e\n\u003cli\u003eThe chat instructs the user to open Terminal and paste a base64 encoded command.\u003c/li\u003e\n\u003cli\u003eThe base64 command decodes to a shell script that downloads another shell script (loader.sh) from a remote server (e.g., bernasibutuwqu2[.]com or customroofingcontractors[.]com).\u003c/li\u003e\n\u003cli\u003eThe loader.sh script may perform victim profiling, such as checking for Russian/CIS keyboard layouts and collecting external IP, hostname, OS version, and keyboard locale.\u003c/li\u003e\n\u003cli\u003eThe script downloads and executes a second-stage payload using osascript, enabling remote code execution.\u003c/li\u003e\n\u003cli\u003eThe second-stage payload (MacSync variant) harvests browser credentials, cookies, and macOS Keychain contents and exfiltrates them to the attacker\u0026rsquo;s server, potentially briskinternet[.]com.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation leads to the compromise of macOS systems, with attackers gaining access to sensitive user credentials, cookies, and keychain data. This stolen information can be used for identity theft, financial fraud, and further access to other systems and services. The campaign demonstrates the effectiveness of using trusted platforms like Claude.ai to distribute malware and bypass user suspicion. The number of affected victims is currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious macOS Shell Script Downloads\u0026rdquo; to identify suspicious shell script downloads from uncommon locations (reference rule below).\u003c/li\u003e\n\u003cli\u003eBlock the identified malicious domains (customroofingcontractors[.]com, bernasibutuwqu2[.]com, and briskinternet[.]com) at the DNS resolver or firewall to prevent malware downloads and exfiltration (reference IOC list).\u003c/li\u003e\n\u003cli\u003eEducate users to exercise caution when following instructions from shared chats or sponsored search results, especially those involving pasting commands into the terminal.\u003c/li\u003e\n\u003cli\u003eImplement browser security policies to prevent credential theft and cookie exfiltration.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-10T17:54:06Z","date_published":"2026-05-10T17:54:06Z","id":"https://feed.craftedsignal.io/briefs/2026-05-claude-ai-malvertising/","summary":"Attackers are using Google Ads malvertising and weaponized Claude.ai shared chats to trick macOS users into downloading and executing malware, leading to credential theft and system compromise.","title":"Malvertising Campaign Abuses Google Ads and Claude.ai for macOS Malware Delivery","url":"https://feed.craftedsignal.io/briefs/2026-05-claude-ai-malvertising/"}],"language":"en","title":"CraftedSignal Threat Feed — Google Ads","version":"https://jsonfeed.org/version/1.1"}