Protecting Against macOS Malware Spreading via Google Ads and Claude.ai
Protection methods and system cleaning guide from macOS malware spread through Google Ads.
Threat Analysis
Recently, attackers have been running a sophisticated campaign against macOS users that abuses search-engine advertising (malvertising) and the sharing features of artificial intelligence platforms. Users searching for terms such as 'Claude mac download' are lured into clicking sponsored results that lead to fake sites.
Attack Method
Through Google Ads, attackers buy sponsored results that mimic the legitimate Claude.ai website. A user who clicks the ad lands not on Claude's official site but on a fake Claude.ai chat page that pushes an installer (usually a .dmg or .pkg) containing malware.
Warning: Do not run any application package downloaded from an unofficial source. A malicious installer can drop backdoors or information-stealing tools on your system.
Solution and Prevention Steps
To secure your system and check for a possible infection, follow these steps:
# To list suspicious processes, run the following in the terminal (case-insensitive; replace suspicious_script with any name you are looking for):
ps aux | grep -v grep | grep -iE 'claude|installer|suspicious_script'
Cleaning and Remediation
If you suspect that there is malicious software on your system, you can clean it by following the steps below:
# Check for suspicious auto-start items in the user and system-wide launchd locations:
ls -la ~/Library/LaunchAgents
ls -la /Library/LaunchAgents
ls -la /Library/LaunchDaemons
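Listing the launchd directories only shows file names; what matters is where each item's executable lives. The script below is an added example (not part of the original article) that reads the XML plists in a directory, extracts every absolute path from their string values (which covers the Program and ProgramArguments keys), and flags paths in locations that legitimate persistence rarely uses: temporary directories, /Users/Shared, and hidden directories. The sample plists, labels and paths it creates are constructed for the demonstration; the "suspicious location" list is a heuristic, not a complete rule.

```shell
#!/bin/sh
# Added example: audit launchd plists for executables in unusual locations.
# Assumes POSIX sh with sed/grep/mktemp and XML (not binary) plists.
# On a real Mac, convert binary plists first with: plutil -convert xml1 -o - FILE

# Print "plist<TAB>path" for every absolute path found in <string> values.
list_launch_paths() {
    for plist in "$1"/*.plist; do
        [ -f "$plist" ] || continue
        sed -n 's/.*<string>\(\/[^<]*\)<\/string>.*/\1/p' "$plist" |
        while IFS= read -r p; do
            printf '%s\t%s\n' "$plist" "$p"
        done
    done
}

# Keep only paths in locations where legitimate persistence rarely lives.
flag_suspicious() {
    tab=$(printf '\t')
    while IFS="$tab" read -r plist p; do
        case "$p" in
            /tmp/*|/private/tmp/*|/var/tmp/*|/var/folders/*|/Users/Shared/*|*/.*)
                printf 'SUSPICIOUS\t%s\t%s\n' "$plist" "$p" ;;
        esac
    done
}

# Audit one directory; prints one line per suspicious executable path.
audit_launch_dir() {
    list_launch_paths "$1" | flag_suspicious
}

# Number of suspicious paths found in a directory.
count_suspicious() {
    audit_launch_dir "$1" | wc -l | tr -d ' '
}

# Constructed sample data: one benign agent and one mimicking the fake installer.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/com.example.updater.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array>
<string>/Applications/Example.app/Contents/MacOS/updater</string>
<string>--check</string>
</array></dict></plist>
EOF
    cat > "$d/com.fake.claude.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.fake.claude</string>
<key>ProgramArguments</key><array>
<string>/bin/sh</string>
<string>-c</string>
<string>/Users/Shared/.claude/launcher.sh</string>
<string>/tmp/.update/stage2</string>
</array>
<key>RunAtLoad</key><true/>
</dict></plist>
EOF
    echo "$d"
}

# Usage on a real Mac (the directories listed in the article):
#   for d in ~/Library/LaunchAgents /Library/LaunchAgents /Library/LaunchDaemons; do
#       audit_launch_dir "$d"
#   done
```

Run against the sample directory, the benign agent produces nothing, while the fake entry is reported twice (once for the hidden launcher under /Users/Shared and once for the staging path under /tmp). A flagged line is a starting point for investigation, not proof of infection: check the file's code signature and origin before deleting it, and unload the item with launchctl before removing the plist.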
Finally, keep your system up to date and be sure to scan with an EDR or antivirus solution. For your security, using an ad-blocker in your browser will be your first line of defense against such malvertising attacks.