GoKawiilAttackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign.
Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.
Google's sponsored search result for 'claude download mac'
(BleepingComputer)
Shared Claude Chats weaponized to target macOS users
The campaign was spotted by Berk Albayrak, a security engineer at Trendyol Group, who shared his findings on LinkedIn.
Researcher alerts of ongoing malvertising campaign
Albayrak identified a Claude.ai shared chat that presents itself as an official "Claude Code on Mac" installation guide, attributed to "Apple Support."
The chat walks users through opening Terminal and pasting a command, which silently downloads and runs malware on their Mac.
While attempting to verify Albayrak's findings, BleepingComputer landed on a second shared Claude chat carrying out the same attack through entirely separate infrastructure.
... continue reading