www.bitdefender.com 3/11/2026, 1:14:08 PM · external

Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads

Bitdefender's research reveals a malicious Google Ads campaign exploiting interest in Claude, a large language model from Anthropic. Attackers created fake ads that led users to a counterfeit documentation site, which in turn led to malware downloads for both Windows and macOS users. Windows victims executed the malware via mshta.exe, while macOS victims ran a complex terminal command that installed a Mach-O backdoor.

The fake ads were served through a compromised advertiser account belonging to a Malaysian company; Google has since disabled the account. Users are encouraged to avoid downloading software from sponsored results and to verify URLs.

Article by CyberSIXT