A new malware campaign has been discovered hiding in people’s Google search results when trying to find and download Claude’s Mac app. It’s a stark reminder of just how pervasive advertisements have become in our day-to-day lives, and why using an ad blocker can be a great way to protect yourself.
Hackers are disguising malware as Claude Code, and it’s easy to fall for the scam
Be careful what links you follow
Malware has always hidden in ads
But now they can appear directly in your search results
Bad actors have become very good at making malicious downloads look legitimate and even inviting. Sometimes it might be a fake software update, while other times it’s a full, convincing workup of a company’s support website. And as is the case with a new malware currently making the rounds, it could even be the sponsored ad that appears at the top of your Google search results.
This newest trend is picking up on the popularity of AI-powered apps like Claude, which has become huge thanks to the release of its Cowork function, which is great at automating your job, and Claude Code.
The latest threat targets people looking to use Claude on Mac and was discovered by security engineer Berk Albayrak, who works with the Trendyol Group. Albayrak shared his findings on LinkedIn, noting that the malware-ridden ad pops up when users search for ‘Claude download mac’ on Google. If you searched for that term, and then clicked on the infected ad, it would lead you to a legitimate claude.ai page which has instructed for installing the malware embedded in the page.
It’s a very common way of delivering malware, as it asks those who click on it to paste a set of commands into Terminal, which then downloads the infected files to their device. But this campaign isn’t just happening across one source, either, as BleepingComputer also discovered a second shared Claude chat being distributed in the same way.
What makes malware like this latest Claude malware so terrifying for everyday people, is the fact that it looks to run entirely in your computer’s memory, thus leaving little trace on your disk. That can make it harder to track down and remove.
Ads have become a hotbed for malware
Blocking them is one of the only ways to truly protect yourself
There’s no arguing that ads have become rampant on the internet. For many websites and creators, these are a way to keep the lights on. And our reliance on those sources to help drive income has made them a perfect way for threat actors to try to get some kind of gain from it.
If you don’t use an ad blocker already — and there are good reasons not to, considering YouTube has launched several campaigns against their use — it might not be a bad idea to set one up. There are several browser extensions you can use to block annoying ads, and most ad blockers have a way to allowlist different sites, so you can still block out the bad while supporting the good. If you’re using an Android phone, then you can change DNS settings to block ads and other annoying content, too. Some browsers, like Opera (pictured above) even come with built-in ad blocking systems.
- Developer
-
Anthropic PBC
- Price model
-
Free, subscription available
Claude is an advanced artificial intelligence assistant developed by Anthropic. Built on Constitutional AI principles, it excels at complex reasoning, sophisticated writing, and professional-grade coding assistance.
Finally, if you’re looking for an official download for an app, it’s always best to start at the source. And, if a page asks you to paste a command into Terminal on Mac or Command Prompt on Windows, then it’s likely not something you’ll want to follow through with, as it could put your device at risk.