Fake Claude search results lure Mac users into ClickFix attack

Researchers warn of a ClickFix campaign that lures macOS users via sponsored search results and shared Claude chats, tricking victims into pasting base64‑encoded commands that fetch a loader script and execute a MacSync‑style infostealer in memory (via osascript), which harvests browser credentials, Keychain data and crypto wallets; mitigations and platform warnings (macOS Tahoe 26.4) are discussed.