Hijacked Google Ads and Fake Claude AI Guides Used to Deliver MacSync Infostealer Through ClickFix Campaign
Attackers are hijacking verified Google Ads accounts and abusing a public Claude AI artifact page to deliver the MacSync infostealer to macOS users through ClickFix social engineering, according to researchers at Moonlock Lab.
The campaign combines three distinct social engineering layers — hijacked advertising infrastructure, trusted AI platform content, and Terminal command manipulation — to bypass both platform security controls and user suspicion.
Hijacked Google Ads Accounts
The attackers compromised legitimate, verified Google Ads accounts belonging to Earth Rangers, a Canadian children's charity, and T S Q SA, a Colombian watch retailer. Because these accounts have established history and clean reputations, the malicious advertisements bypassed Google's verification checks without triggering alarms.
When users search for common technical terms like "online DNS resolver," "HomeBrew," or "macos cli disk space analyzer," the hijacked sponsored results appear at the top of search results, directing victims to one of two landing pages.
Claude AI as Attack Infrastructure
The first landing page is a public artifact hosted on Anthropic's official Claude AI platform titled "macOS Secure Command Execution." Moonlock researchers reported the page had already been viewed over 15,600 times before discovery.
The second variant is a Medium article hosted at apple-mac-disk-space.medium.com, impersonating the official Apple Support Team.
Both pages instruct users to copy a specific command and paste it into their macOS Terminal — the core ClickFix technique. Once executed, the command downloads and installs the MacSync infostealer.
MacSync Capabilities
MacSync targets macOS Keychain data including system passwords, browser-saved credentials, and private keys from cryptocurrency wallets. Stolen data is bundled into a file named osalogging.zip and exfiltrated to the attackers' command-and-control server.
Moonlock Lab notes that MacSync is an advanced rebrand of an older malware called Mac.c, indicating the operators are actively refining their tooling. Both the Claude artifact and Medium article variants connect to the same C2 infrastructure, confirming a single group is operating both attack chains.
Growing ClickFix Abuse of AI Platforms
This campaign follows a broader pattern of ClickFix operators leveraging AI platforms as trusted delivery mechanisms. Similar techniques have recently been observed using ChatGPT and Grok to distribute malware, exploiting the implicit trust users place in content hosted on recognised AI platforms.
Recommendation
Never paste commands into Terminal from sponsored search results, AI platform pages, or Medium articles without fully understanding what they execute. Download software exclusively from official project websites. Organisations managing Google Ads accounts should enable all available account security controls including hardware MFA to prevent hijacking. macOS users who may have executed commands from suspicious guides should check for the presence of osalogging.zip and audit Keychain access logs for unauthorised queries.
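The last recommendation is a concrete post-exposure check, so here is an added hunting script written for this article (it is not Moonlock Lab's tooling, and nothing in it comes from the campaign's own commands). It does two things a macOS user or responder can do offline against a live system or a mounted image: locate the osalogging.zip staging archive named in the report, and scan shell history for the general shape of a ClickFix payload, a fetch piped straight into a shell or wrapped in eval "$(curl ...)". The ROOT and HOME arguments, the history file locations and the download-and-execute regex are assumptions of this example; the report does not quote the exact pasted command. The Keychain access-log audit is deliberately left out because it depends on macOS-specific log show predicates that the article does not supply.

```shell
#!/bin/sh
# Added post-exposure hunting script, written for this article; it is not
# Moonlock Lab's tooling. It looks for the osalogging.zip staging archive
# named in the report and scans shell history for download-and-execute
# one-liners, the shape of command a ClickFix page asks a victim to paste.
# ROOT and HOME are taken as arguments (assumption) so the script can be
# pointed at a mounted image or a test fixture instead of the live system.

# Staging archive name reported for MacSync.
INDICATOR_FILE="osalogging.zip"

# History files checked (assumption: default bash, zsh and sh locations).
HISTORY_FILES=".bash_history .zsh_history .sh_history"

# Heuristic pattern (assumption): a curl/wget fetch piped into sh/bash/zsh,
# optionally via sudo, or evaluated with eval "$(curl ...)". The report does
# not quote the exact command text, so this matches the general shape.
DOWNLOAD_EXEC_RE='(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)|eval[[:space:]]+"?\$\((curl|wget)'

# find_staging_archives ROOT
# Prints each regular file under ROOT whose basename is the indicator.
find_staging_archives() {
    find "$1" -type f -name "$INDICATOR_FILE" 2>/dev/null
}

# scan_history_file FILE
# Prints history lines matching the download-and-execute heuristic. Works
# on plain bash history and on zsh's ": timestamp:0;command" extended format.
scan_history_file() {
    grep -E "$DOWNLOAD_EXEC_RE" "$1" 2>/dev/null
}

# count_findings ROOT HOME
# Writes every finding to stderr, tagged by type, and prints the total
# number of findings to stdout so a wrapper script can act on the result.
count_findings() {
    root="$1"; home="$2"; total=0

    archives=$(find_staging_archives "$root")
    if [ -n "$archives" ]; then
        printf '%s\n' "$archives" | sed 's/^/STAGING_ARCHIVE /' >&2
        total=$((total + $(printf '%s\n' "$archives" | wc -l)))
    fi

    for name in $HISTORY_FILES; do
        hist="$home/$name"
        [ -f "$hist" ] || continue
        hits=$(scan_history_file "$hist")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed "s|^|SUSPICIOUS_HISTORY $hist: |" >&2
            total=$((total + $(printf '%s\n' "$hits" | wc -l)))
        fi
    done

    echo "$total"
}

# Usage on a live macOS system, run as the user whose Terminal was used:
#   count_findings / "$HOME"
# A non-zero count means the machine should be treated as compromised:
# rotate every credential stored in Keychain and move wallet funds.
```

Running the script from a clean, separate admin account (or against a mounted image) is preferable to running it in the suspect user's own shell, since the same history file it reads is also what an attacker's command can edit. Any hit on the staging archive is high confidence because the filename comes straight from the report; history hits are a heuristic and still need a human to read the matched line.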