Critical MacSync Stealer Delivered via Google Ads and Claude AI Chats
Key Takeaways A new information stealer, MacSync Stealer, is targeting macOS users. Attackers leverage Google Ads and Anthropic’s Claude AI platform to deliver the malware. The infection chain...
Key Takeaways
- A new information stealer, MacSync Stealer, is targeting macOS users.
- Attackers leverage Google Ads and Anthropic’s Claude AI platform to deliver the malware.
- The infection chain exploits shared Claude chats, disguised as Apple Support, to trick users into executing malicious Terminal commands.
- MacSync Stealer exfiltrates a wide range of sensitive data, including browser credentials, cryptocurrency wallets, and developer keys.
- While the malicious Claude chats have been removed, Mac users should remain vigilant against social engineering tactics.
MacSync Stealer Leverages Google Ads and Claude AI for Stealthy macOS Attacks
Cybersecurity researchers at Zscaler have uncovered a sophisticated campaign deploying a novel information-stealing malware dubbed MacSync Stealer. This new threat specifically targets macOS users by exploiting Google Ads and Anthropic’s Claude AI platform, presenting a deceptive front to trick victims into self-infection.
Table Of Content
The Deceptive Infection Vector
The attack initiates when a user searches for terms such as “claude download” or “claude mac.” Malicious Google Ads, strategically placed by the threat actors, redirect unsuspecting victims to a seemingly legitimate shared Claude chat link. This tactic immediately lends credibility to the attack, as the URL originates from the authentic claude.ai domain.
Within the shared chat interface, the attackers masquerade as “Apple Support” by setting their display name accordingly. This impersonation makes the embedded, fake “fix” instructions appear highly trustworthy to the victim. The chat then prompts users to copy and paste a Base64-obfuscated curl command directly into their macOS Terminal. This method is a hallmark of the “ClickFix” technique, a social engineering strategy that emerged in 2024 and has since become a favored tool for operators targeting macOS systems.
Executing this command initiates a multi-stage infection process. The output of the command is silently redirected, concealing any signs of execution from the user. This hidden process then fetches increasingly complex payloads from infrastructure controlled by the attackers, culminating in the full deployment of MacSync Stealer.
Claude Chats Abused for ClickFix
Zscaler traced the campaign, which was active between June 12 and June 19, 2026. Their analysis identified 22 distinct Google Ads campaign IDs and seven search terms related to Claude, including “claude ai,” “claude code,” and even a Chinese-language variant, indicating a broad targeting strategy.
The malicious infrastructure supporting these operations was cleverly disguised, utilizing domain names that mimicked ordinary local U.S. businesses, such as laminate flooring services and pet sitters, to evade detection mechanisms.
MacSync Stealer’s Data Exfiltration Capabilities
Once MacSync Stealer is fully deployed via an AppleScript payload, it attempts to trick victims into entering their macOS password through a fake system prompt. Upon gaining access, the malware systematically harvests a wide array of sensitive data before meticulously erasing its presence from the system. The stolen information includes:
- Keychain files and credentials from Chromium and Gecko-based browsers, encompassing cookies and saved login details.
- Data stored within password manager browser extensions.
- Sensitive developer environment files, such as SSH keys, AWS credentials, and Kubernetes configurations.
- Telegram Desktop files, along with documents and files featuring extensions like .pdf, .wallet, and .kdbx.
- Cryptocurrency wallet browser extensions and desktop applications, with specific targeting of Ledger and Trezor hardware wallets.
According to researchers, the exfiltrated data is compressed and transmitted in 10MB chunks to a remote server. Following successful data transfer, the malware proceeds to delete all traces of its activity from the compromised system.
Analysis of the malware’s AppleScript payload revealed Russian-language code comments, suggesting that the operators behind MacSync Stealer are likely Russian-speaking. Researchers also noted the group’s continuous evolution of tactics, having previously distributed malware through counterfeit “cracked” software before shifting to the ClickFix method and the abuse of AI platforms.
It is crucial to note that Anthropic’s Claude platform itself was not compromised; attackers merely exploited its legitimate shared chat functionality. Anthropic has been informed of the abuse, and the malicious shared chats are no longer accessible. Nevertheless, security experts strongly advise Mac users to exercise extreme caution: never paste unfamiliar Terminal commands, always verify software downloads exclusively through official vendor websites, and approach “fix” prompts originating from search advertisements with profound suspicion.
What You Should Do
- Never Paste Unverified Commands: Refrain from copying and pasting Terminal commands from untrusted sources, especially those found in shared chats or unsolicited “fix” instructions.
- Verify Software Downloads: Always download software directly from the official developer’s website or the macOS App Store. Avoid third-party download sites or links from search ads.
- Be Skeptical of “Support” Prompts: Treat any “support” messages or “fix” prompts encountered through search engine results or shared links with extreme caution, even if they appear to originate from legitimate services like Apple.
- Use a Password Manager: Employ a reputable password manager for all your credentials and enable multi-factor authentication (MFA) wherever possible.
- Maintain System Updates: Keep your macOS operating system and all installed applications fully updated to benefit from the latest security patches.
- Install Reputable Antivirus/Endpoint Detection: Utilize a trusted antivirus or endpoint detection and response (EDR) solution capable of detecting and blocking macOS-specific threats.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.