Hackers Exploit Claude.ai and Google Ads to Spread Malware Targeting Developers
Security researchers at TrendAI uncovered a sophisticated cyberattack campaign named ClickFix that operated from April to June 2026, compromising over 2,000 victims, mainly tech-savvy users such as developers. The attackers exploited popular AI tools and platforms, including Claude.ai and Google Ads, to distribute malware by leveraging user trust in these services.
The campaign used paid Google Ads targeting popular AI-related search terms like Claude Code, ChatGPT, Codex, and Perplexity AI, directing users to fake chat pages that mimicked legitimate support channels, including impersonations of Apple Support. Victims were prompted to copy and paste seemingly technical commands into their computer terminals, which in reality downloaded and executed the MacSync infostealer malware. This malware aimed to steal sensitive data such as passwords, browser cookies, SSH keys, and cryptocurrency wallet files.
A notable aspect of the attack was the use of legitimate Claude.ai domains through the platform’s official chat-sharing feature, making malicious links appear trustworthy and bypassing some automated security filters. Additionally, attackers hosted fake download pages on GitLab Pages under recognized domains, with TrendAI identifying 106 malicious hostnames throughout the campaign.
The attack primarily targeted the Asia-Pacific region, accounting for over two-thirds of confirmed victims, with Taiwan, Japan, and Singapore as main hotspots, alongside incidents in India, France, and Italy. Following the report, Anthropic disabled the compromised accounts and removed the malicious chats, announcing plans to enhance protections against abuse of chat-sharing features.
Users are strongly advised not to run terminal commands copied from unverified web pages or chats, even if they appear under trusted domains. Developers should only download tools from official websites or reputable package managers like brew or npm to avoid infection.