Thursday , July 16 2026
Claude.ai

Hackers misuse Claude.ai and Google ads chats to spread Mac malware

As AI is advancing unpredictably cyber criminals also change their attack pattern which make challenge for cyber resilience. Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active advertising campaign.

Users looking for “Claude mac download” might find ads that show claude.ai as the site to visit. However, these can actually lead to steps that put malware on their Mac.

India to built Mythos-like AI model “Sarvam AI” and “BharatGen” assigned

India is speeding up its work to make homegrown AI models for cybersecurity. These models will help protect important digital...
Read More
India to built Mythos-like AI model “Sarvam AI” and “BharatGen” assigned

Cursor, SonicWall, SharePoint 0-day exploited to the wild

A serious security flaw in Cursor, a popular AI code editor used by more than 7 million developers, lets attackers...
Read More
Cursor, SonicWall, SharePoint 0-day exploited to the wild

Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Microsoft's Patch Tuesday in July 2026 fixes around 570 security flaws in its products. This comes after June's big update,...
Read More
Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

Fortinet fixes seven new security warnings on July 14, 2026. These affect FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The issues vary...
Read More
Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are using CVE-2008-4128, a CSRF flaw in Cisco...
Read More
CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan
                  Google’s sponsored search result for ‘claude download mac’ (BleepingComputer)

Shared Claude Chats weaponized to target macOS users

The campaign was discovered by Berk Albayrak, a security expert at Trendyol Group, who posted his findings on LinkedIn.

Albayrak found a chat from Claude.ai that claims to be an official guide for “Claude Code on Mac,” saying it’s from “Apple Support.” The chat shows users how to open Terminal and paste a command, which secretly downloads and runs malware on their Mac.

                                     Researcher alerts of ongoing advertising campaign

Bleeping Computer reported, to verify Albayrak’s findings, they landed on a second shared Claude chat carrying out the same attack through entirely separate infrastructure.

The two chats follow an identical structure and social engineering approach but use different domains and payloads. Both chats were publicly accessible at the time of writing:

                        Shared Claude Chat with malicious instructions  (BleepingComputer)

What does the macOS malware do?

The base64 instructions shown in the shared Claude chat download an encoded shell script from domains such as:

In variant seen by Albayrak [VirusTotal]: hxxp://customroofingcontractors[.]com/curl/b42a0ed9d1ecb72e42d6034502c304845d98805481d99cea4e259359f9ab206e

In variant seen by BleepingComputer [VirusTotal]: hxxps://bernasibutuwqu2[.]com/debug/loader.sh?build=a39427f9d5bfda11277f1a58c89b7c2d’

The ‘loader.sh’ (served by the second link above) is another set of Gunzip-compressed shell instructions:

                                   Base64 code retrieves first stage ‘loader.sh’ payload (BleepingComputer)

This script runs completely in memory, leaving little clear evidence on the disk.

BleepingComputer saw that the server sent a different hidden version of the payload for each request. This method is called polymorphic delivery. It makes it more difficult for security tools to detect the download using a known hash or signature.

The variant BleepingComputer identified starts by checking whether the machine has Russian or CIS-region keyboard input sources configured. If it does, the script exits without doing anything, sending a quiet cis_blocked status ping to the attacker’s server on its way out. Only machines that pass this check get the next stage:

                                          Shell script runs macOS malware (BleepingComputer)

Before going on, the script gathers the victim’s external IP address, hostname, OS version, and keyboard settings, then sends this information to the attacker. This profiling of the victim before sending the payload shows that the attackers are careful about who they choose to target.

The script downloads a second-stage payload and runs it using osascript, which is macOS’s built-in scripting tool. This allows the attacker to run code from far away without needing to install a usual app or binary.

The type found by Albayrak seems to skip profiling steps. It goes right to execution. It collects browser usernames and passwords, cookies, and macOS Keychain data, puts them together, and sends them to the attacker’s server. Albayrak found out this is a type of the MacSync macOS infostealer:

                            Albayrak’s variant skips user fingerprinting step (BleepingComputer)

The briskinternet[.]com domain shown above in the variant identified by Albayrak appeared to be down at the time of writing. Click here to read full report.

Check Also

MCP Servers

Thousands of MCP Servers Exposed to File Access and Injection Attacks

Thousands of Model Context Protocol (MCP) servers have serious security flaws like file access issues, …