Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Hackers Exploit Claude AI and Google Ads to Spread MacSync Stealer

Hackers Exploit Claude AI and Google Ads to Spread MacSync Stealer

Posted on July 15, 2026 By CWS

Cybersecurity researchers have uncovered a new tactic where threat actors are leveraging Anthropic’s Claude AI platform and Google Ads to distribute a potent malware known as MacSync Stealer targeting macOS users. The discovery was made by Zscaler Threat Hunting, highlighting a sophisticated ploy to deceive users into compromising their systems.

Infiltration via Google Ads and Claude AI

The malware infection chain initiates when users search for terms related to Claude AI, such as “claude download” or “claude mac,” and click on promoted Google advertisements. These ads redirect users to a shared Claude AI chat link. Due to the legitimate claude.ai domain, the attack gains perceived credibility.

Further deception is employed as attackers set their display name in Claude to “Apple Support.” This misleading tactic makes the fake chat, which includes instructions for malware deployment, appear as legitimate guidance from Apple.

Executing the Malicious Script

The fraudulent chat instructs users to execute a Base64-encoded curl command in the macOS Terminal. This method, known as ClickFix, first appeared in 2024 and has become a popular technique for deploying macOS-specific malware.

By running the provided command, users unknowingly trigger a multi-stage infection process. This sophisticated method stealthily redirects outputs to conceal its activities, simultaneously fetching advanced payloads from attacker-controlled servers.

Targeting Sensitive Information

The campaign, active from June 12 to June 19, 2026, utilized 22 distinct Google Ads campaign IDs and targeted various search phrases, including those in Chinese. To avoid detection, malicious infrastructure mimicked domains of local U.S. businesses.

Once MacSync Stealer is fully deployed, it prompts victims to enter their macOS password via a fake system prompt, subsequently harvesting extensive sensitive data. This includes credentials from browsers, password managers, SSH keys, AWS credentials, and cryptocurrency wallet data.

Data Exfiltration and Attribution

After collection, the stolen data is compressed into 10MB segments for transmission to a remote server, and all traces of the malware are deleted from the victim’s system post-exfiltration. Analysts found Russian-language code within the malware’s AppleScript, suggesting the perpetrators may be Russian-speaking.

Preventative Measures and Recommendations

Researchers stress that the Claude AI platform itself was not compromised; instead, its sharing feature was misused. Anthropic has been alerted about the issue, and the malicious shared chats have been taken down. Security experts advise Mac users to avoid executing unfamiliar Terminal commands, verify downloads from official sources, and approach search ad “fix” prompts with skepticism.

Cyber Security News Tags:Apple Support scam, Claude AI, cyber threats, Cybersecurity, Google Ads, information stealer, macOS malware, MacSync Stealer, malware distribution, malware prevention, online security, phishing attacks, Terminal commands, Threat Actors, Zscaler

Post navigation

Previous Post: GPT-5.6 Sol Ultra Crafts Complete Chrome Exploit
Next Post: US Indicts Two Companies for Cybercrime Support

Related Posts

Malvertising Campaign Exploits Tax Season with EDR Attacks Malvertising Campaign Exploits Tax Season with EDR Attacks Cyber Security News
Critical ExifTool Vulnerability Exposes macOS to Hidden Threats Critical ExifTool Vulnerability Exposes macOS to Hidden Threats Cyber Security News
Enhance SOC Efficiency with Improved Team Collaboration Enhance SOC Efficiency with Improved Team Collaboration Cyber Security News
Fake CAPTCHA Scam Inflates Phone Bills via SMS Fraud Fake CAPTCHA Scam Inflates Phone Bills via SMS Fraud Cyber Security News
Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers Cyber Security News
North Korean Hackers Stealthy Linux Malware Leaked Online North Korean Hackers Stealthy Linux Malware Leaked Online Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • US Indicts Two Companies for Cybercrime Support
  • Hackers Exploit Claude AI and Google Ads to Spread MacSync Stealer
  • GPT-5.6 Sol Ultra Crafts Complete Chrome Exploit
  • Destiny Stealer Spreads: How to Shield Your Organization
  • TuxBot v3 Evolution: AI’s Role in IoT Botnet Development

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • US Indicts Two Companies for Cybercrime Support
  • Hackers Exploit Claude AI and Google Ads to Spread MacSync Stealer
  • GPT-5.6 Sol Ultra Crafts Complete Chrome Exploit
  • Destiny Stealer Spreads: How to Shield Your Organization
  • TuxBot v3 Evolution: AI’s Role in IoT Botnet Development

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark