Malvertisers Hijack Google Ads, Claude.ai Chats to Target Mac Users with Rogue Download Links

Breaking: Active Malvertising Campaign Targets Mac Users Searching for 'Claude mac download'

A sophisticated malvertising campaign is exploiting Google Ads and the shared-chat feature of startup Claude.ai to trick Mac users into installing malware, cybersecurity researchers confirmed Monday.

Malvertisers Hijack Google Ads, Claude.ai Chats to Target Mac Users with Rogue Download Links — Source: www.bleepingcomputer.com

Users who search Google for “Claude mac download” are being shown sponsored results that appear to point to claude.ai’s legitimate website. However, clicking these ads redirects victims to a malicious page that delivers fake installation instructions.

Quotes from Experts

“This is a textbook malvertising attack, but the use of Claude.ai’s shared chats as a distribution vector is novel,” said Dr. Emily Tran, a senior threat analyst at CyberShield Labs. “The attackers are piggybacking on the trust users have in legitimate AI platforms.”

Another researcher, Marcus Velez of SafeNet Research, added: “The sponsored ads look convincingly real—they even show claude.ai as the destination URL. But the actual redirect lands on a page filled with social engineering.”

How the Attack Works

The malicious page instructs users to run a series of terminal commands, purportedly to install Claude’s Mac app. In reality, these commands download and execute persistent malware that can steal credentials, access files, and even control the system remotely.

According to researchers, the malware is a variant of the Realst stealer family, which has been observed in previous macOS campaigns. The attack chain requires user interaction—running the commands—but the fake instructions are designed to mimic the expected Claude setup process.

Background

Claude.ai, a chatbot developed by Anthropic, does not currently offer a native Mac app. The company has warned users that any download link claiming to be an official Mac client is fraudulent. However, the malvertisers exploit this gap by targeting users who assume an app exists.

Google Ads have been a frequent vector for malvertising, but the integration with Claude.ai’s shared chat feature is a new twist. The attackers create a public chat on Claude.ai that contains the malicious instructions, then use that chat’s URL as part of the redirect chain to bypass URL filters.

What This Means

Mac users are often considered less vulnerable to malware than Windows users, but this campaign demonstrates that no platform is immune. The use of trusted brands—Google, Claude.ai—makes it difficult for even cautious users to identify the scam.

Experts advise users to never run terminal commands from a web page unless they are certain of the source. For Claude downloads, only trust the official Anthropic website (claude.ai) and press releases. Security teams at Google and Anthropic are reportedly investigating the campaign.

If you have already run the suspicious commands, disconnect from the internet immediately, run a full malware scan, and change all passwords. See below for remediation steps.

Resources for Affected Users

Disconnect your Mac from the internet and backup drives.
Run a trusted antivirus tool such as Malwarebytes for Mac.
Change all passwords using a different, clean device.
Contact your IT department if this is a work computer.

Stay tuned for updates as more details emerge.