Mark0

2026-05-11: Google ad for Claude leads to macOS malware infection

This report details a malicious Google ad campaign targeting macOS users. Attackers utilized search terms like "Homebrew" to display fraudulent advertisements leading to a page impersonating the download site for Claude AI. The campaign employs a "ClickFix" social engineering technique, where victims are instructed to copy and paste a malicious command directly into their terminal to resolve a fake installation error.

Once executed, the malware attempts to gain elevated privileges by prompting the user for their system password and requesting broad access to the Finder and various user folders. The report provides comprehensive technical evidence, including network traffic captures (PCAPs), Indicators of Compromise (IOCs), and sample files for security researchers to analyze the infection chain and behavior.
