Macs, Malware & Misleading Claude: The Scam Google Ads Hat Trick

The Funny Summary

Mac users searching for help with Claude Code are being served a very spicy side dish of malware, courtesy of dodgy Google Ads and fake Claude shared chats pretending to be helpful setup guides. It’s the cyber equivalent of asking for tech support and getting handed a mystery USB stick by someone in a trench coat.

The Top (5) Takeaways

1. Scammers are abusing legitimate-looking Claude links
   Attackers used Claude’s shared chat feature to host fake installation instructions that appeared more trustworthy because they sat on a real Claude domain.

2. Google Ads helped push the scam to the top
   The fraudulent Claude chat was reportedly promoted through Google Ads, meaning users searching for terms like “Claude Code on Mac” could see the malicious result near the top of search results.

3. The attack relies on ClickFix-style social engineering
   Victims were told to open Terminal and paste a command, which triggered a malware infection chain rather than installing anything legitimate.

4. The malware targets sensitive information
   Related reporting says this type of campaign can lead to macOS infostealer infections, including attempts to steal browser data, cookies, credentials and Keychain contents.

5. The lesson: never paste random commands into Terminal
   If a “support guide” tells users to copy-paste a command into Terminal from an ad, shared chat, forum post or random webpage, treat it like a suspicious link wearing a fake moustache.

The Long-From Article

Reference:

https://www.techradar.com/pro/security/mac-users-beware-scammers-are-hijacking-claude-chats-and-google-ads-to-push-malware