Mac users beware: scammers are hijacking Claude chats and Google ads to deliver malware.

Scammers have abused Claude’s “Shared Chats” feature to create fake installation instructions leading to infections by information thieves.
Fraudulent chats were promoted via Google Ads, displaying genuine Claude URLs to deceive Mac users.
The campaign used ClickFix tactics, spoofed “Apple Support” and avoided targeting Russian-language systems.

Cybercriminals are abusing legitimate Claude and Google Ads services to trick Mac users into installing information-stealing malware on their devices, experts have warned.

A new campaign was recently spotted and leaked by security researcher Berk Albayrak on LinkedIn, regarding a feature called “Shared Claude Chats,” which allows users to create clickable links to previous conversations they’ve had with the AI. This way other people can view these specific chat sessions through a public URL.

According to Albayrak, hackers created conversations in which the platform displays instructions on how to install Claude Code (a command-line coding assistant). However, the instructions are nothing more than the standard ClickFix scam: they ask the user to bring up the terminal and paste a command, which triggers a chain reaction leading to an infostealer infection.

Announce the scam on Google

The conversation was created by an account named “Apple Support”, likely to increase its legitimacy. However, those with a shaper’s eye could easily spot the trick, since the chat has a disclaimer at the top, warning that the content below might be “unverified or dangerous.”

But creating a fraudulent conversation is only half the process: victims still have to land in it somehow.

That’s where Google Ads comes in. Scammers were able to buy ads on Google’s ad network, meaning people searching for “Claude Code on Mac” would be served that chat right at the top of the search engine results page. To make matters worse, those hovering over the link or checking where it leads would see “claude.ai” – Claude’s authentic URL.

Albayrak did not say how many people could have been compromised in this way, but BeepComputer found that the malware does not work on computers using the Russian language, suggesting that attackers are actively avoiding targeting Russians.