Mac Users Warned Over Fake Claude Install Instructions

Mac users searching for Claude are being targeted by an active campaign that uses Google Ads and Claude shared-chat content to present fake installation instructions; when victims paste the provided Terminal commands they can download and run multi-stage malware (including a MacSync infostealer) that steals browser credentials, cookies, and Keychain data and employs in-memory obfuscation to evade detection — users should only follow official documentation and avoid running commands from chats or ad-driven pages.