- Crooks abused Claude’s “Shared Chats” feature to plant fake install instructions leading to infostealer infections
- Fraudulent chats were promoted via Google Ads, showing authentic Claude URLs to trick Mac users
- Campaign used ClickFix tactics, spoofed “Apple Support,” and avoided targeting Russian‑language systems
Cybercriminals are abusing legitimate Claude and Google Ads services to trick Mac users into installing infostealing malware on their devices, experts have warned.
A new campaign was recently spotted, and disclosed, by security researcher Berk Albayrak on LinkedIn, concerning a feature called “Shared Claude Chats”, which allows users to create clickable links of previous conversations they’ve had with the AI. That way, other people can view those specific chat sessions through a public URL.
According to Albayrak, the hackers have created conversations in which the platform shows instructions on how to install Claude Code (a command-line coding assistant). However, the instructions are nothing but the standard ClickFix scam – they tell the user to bring up the Terminal and paste a command, which triggers a chain reaction resulting in an infostealer infection.
Advertising the scam on Google
The conversation was created by an account named “Apple Support”, likely to increase its legitimacy. Those with a sharper eye, however, could easily spot the trick, since the chat has a disclaimer at the top, warning the content below might be “unverified or unsafe”.
But creating the fraudulent conversation is just half the process – victims must still somehow land there.
That’s where Google Ads come in. The crooks were able to purchase ads on Google’s advertising network, meaning people searching for “Claude Code on Mac” would be served this chat at the very top of the search engine results page. To make matters worse, those who hovered over the link or double-checked where it leads would see “claude.ai” – the authentic Claude URL.
Albayrak did not say how many people might have been compromised this way, but BleepingComputer found the malware does not work on computers set to the Russian language, suggesting that the miscreants are actively avoiding targeting Russians.





