Detailed Analysis
A sophisticated malware campaign targeting Mac users has emerged, exploiting the reputation and interface of Anthropic's Claude AI assistant alongside fraudulent Google advertisements to distribute malicious software. The attack vector represents a dual-pronged approach: threat actors are reportedly manipulating or impersonating Claude chat interactions to deceive users into downloading harmful payloads, while simultaneously running deceptive Google ads that masquerade as legitimate software or services. Mac users, who have historically operated under the assumption that Apple's ecosystem provides stronger baseline security protections than competing platforms, are the primary targets of this campaign — a targeting choice that reflects the growing recognition among cybercriminals that macOS users are increasingly valuable and, arguably, less vigilant about malware threats.
The method of hijacking an AI chatbot's interface or impersonating it to deliver malware represents a notable evolution in social engineering tactics. Claude's growing adoption as a productivity and professional tool makes it a credible lure — users who trust the platform are more likely to follow instructions or download files they believe originate from a legitimate AI assistant. The combination with poisoned Google ads, a technique known as "malvertising," compounds the threat by intercepting users at the moment of active search intent, when they are already predisposed to trust and act on what they find. This layered deception — a trusted search engine pointing to a trusted AI brand — makes the campaign particularly effective at bypassing user skepticism.
This incident fits within a broader and accelerating trend of cybercriminals co-opting the branding and interfaces of major AI platforms to conduct fraud and malware distribution. Anthropic's Claude, OpenAI's ChatGPT, and other high-profile AI tools have all seen their names and visual identities weaponized as threat actors recognize that public enthusiasm for AI creates a large pool of potential victims who may not yet have developed the critical instincts to distinguish legitimate AI interactions from malicious imitations. The Google Ads ecosystem has been a recurring vector for such campaigns, and malvertising attacks aimed at users searching for popular software have surged significantly over the past two years.
For the broader AI industry, incidents like this carry reputational and trust implications that extend beyond any single company. Anthropic, like its competitors, faces the challenge that its product's success makes it an attractive impersonation target — a problem that cannot be fully solved through product security alone and requires coordinated responses involving ad platform enforcement, user education, and threat intelligence sharing. Apple, meanwhile, faces renewed pressure to address the perception that macOS security may not be as robust as marketed, particularly as malware authors increasingly invest in macOS-compatible attack tools to reach a demographic that skews toward higher-income professionals and enterprise users. The campaign underscores that the most dangerous vulnerabilities in modern cybersecurity are frequently not technical but psychological — exploiting user trust in familiar and reputable brands.