Advanced Malvertising Chain: Exploiting Google Ads and Anthropic Claude to Deploy MacSync Malware

A highly sophisticated malvertising campaign has emerged, specifically targeting the macOS ecosystem by weaponizing a dual-layered trust exploit. Threat actors are currently orchestrating a multi-stage attack chain that leverages both Google Ads for initial discovery and legitimate Anthropic Claude shared chat links to bypass traditional reputation-based web filtering.

Uncovered by security researcher Berk Albayrak on May 10, this campaign serves as a masterclass in modern social engineering. Rather than relying on broken links or obvious phishing sites, the attackers utilize the inherent authority of AI platforms to deliver a variant of the MacSync malware. The primary targets are developers and power users seeking to integrate AI-driven workflows—specifically “Claude Code”—into their local macOS environments.

Technical Breakdown: The Infection Vector and Execution Flow

The attack lifecycle begins with a hijacked search intent. When a user performs a targeted query such as “Claude download Mac,” malicious sponsored results appear at the top of the Search Engine Results Page (SERP). This redirects the victim to a deceptive landing page designed to mimic a professional software installation guide.

Malicious ClickFix (Source: Twitter)
Malicious ClickFix (Source: Twitter)

To bridge the gap between the malicious ad and the payload, the attackers host their fraudulent instructions within a legitimate Claude.ai shared chat. This is a critical tactical move: most security gateways and EDR solutions treat claude.ai as a trusted enterprise domain, allowing the malicious content to bypass automated URL reputation checks.

The Payload Execution:
Once the victim reads the “instructions” on the shared chat, they are prompted to execute a specific command in their macOS Terminal. The technical mechanics of this command are designed to evade detection:

  • Obfuscation: The command utilizes Base64 encoding to mask the true destination of the download, preventing simple string-based detection by network monitors.
  • Direct Piping: The decoded payload is piped directly into the Z shell (zsh). This allows for immediate, “fileless-style” execution of the initial stager, minimizing the footprint on the disk.
  • Malware Deployment: This execution triggers the download of the MacSync variant, a malware family characterized by aggressive persistence mechanisms and the capability for secondary stage exploitation.

Albayrak’s forensic analysis has mapped the primary Command-and-Control (C2) infrastructure to the domain customroofingcontractors[.]com.

Indicators of Compromise (IoC):
Security Operations Centers (SOC) should immediately hunt for the following signature:
SHA-256: bbd98170ea66c8d13605cb88ad0e18602ef40c0745f7b2c979a8a342a31c1857

Defensive Strategies and Mitigation

This campaign highlights a growing trend where attackers weaponize the “social trust” of legitimate SaaS platforms. To defend against this vector, a multi-layered approach is required:

  1. Endpoint Security: Implement EDR/XDR solutions capable of monitoring zsh and bash processes. Look for anomalous patterns, such as shell processes initiating unexpected outbound network connections or executing heavily obfuscated Base64 strings.
  2. User Education: Implement a “Zero Trust” approach to terminal commands. Users must be trained to never copy-paste commands from web-based sources—even if they originate from trusted domains like Anthropic or Google—without first inspecting the code locally.
  3. Network Hardening: Proactively block known malicious C2 domains and monitor for high volumes of traffic to unrecognized or newly registered domains (NRDs).
  4. Verified Sourcing: Encourage a policy of navigating directly to official vendor repositories (e.g., GitHub or official vendor sites) rather than relying on “Sponsored” search results.

As threat actors continue to evolve their use of AI to facilitate social engineering, the perimeter of “trusted” infrastructure is effectively dissolving. Vigilance must shift from trusting the source to verifying the intent of the code being executed.

Related Articles

Back to top button