Beware of the Next Hack: Malware on macOS via Fake Ads
A new malvertising campaign is using Google ads and Claude.ai chats to infect Mac devices with malicious software.

The Rise of Malvertising: A Silent Threat to macOS
Digital security is facing a new challenge. Cybersecurity researchers have detected an active malvertising campaign that uses sponsored Google ads to deceive users looking to download the official Claude.ai application. This tactic, which exploits trust in search engines, redirects victims to fraudulent websites designed to install malware on macOS devices.
This incident highlights how malicious actors are refining their social engineering techniques. Much like what we have seen in other complex attacks, such as when CISA demanded patching of a critical vulnerability in Ivanti, legitimate corporate infrastructure is being used as a vector to compromise end-user security.
How the Deception Works
The infection process is sophisticated and relies on identity spoofing. Attackers create ads that look legitimate, using the branding and imagery of Anthropic. Once the user clicks, they are redirected to a shared Claude.ai chat where, under the guise of an installation guide, they are prompted to download a malicious executable file.
"Attackers aren't just looking to steal credentials; the ultimate goal is usually system persistence, which could lead to the deployment of ransomware or remote access trojans (RATs)."
Essential Protective Measures
To avoid falling victim to this type of hack, it is essential to adopt a cautious browsing posture:
- URL Verification: Always check that the web address exactly matches the official domain (claude.ai).
- Avoid Ads: Consider skipping sponsored search results and go directly to the official URL by typing it into your browser.
- Common Sense: No legitimate AI tool will request the execution of external scripts or installers through a shared chat.
Conclusion
The growing popularity of artificial intelligence has made platforms like Claude.ai priority targets for cybercriminals. This vulnerability in user behavior—blindly trusting search results—is the weakest link in the security chain. Keeping software updated and using robust security solutions on macOS is more necessary today than ever to mitigate these emerging risks.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...