Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
ID: f8135e98-b9f7-52d9-9cd7-d04383f89c96
STIX ID: report--f8135e98-b9f7-52d9-9cd7-d04383f89c96
Feed Name: Bitdefender Labs
Bitdefender researchers uncovered a malicious Google Ads campaign that impersonated Claude Code and directed users to a fake Squarespace documentation page, which instructed Windows and macOS users to run terminal commands. Executing those commands delivered mshta-based info‑stealers on Windows and a Mach‑O backdoor on macOS. The report presents technical analysis of the payloads (including anti‑VM/sandbox checks and remote shell functionality), multiple IOCs (file hashes and malicious URLs), attribution evidence suggesting a compromised advertiser account, and user protection recommendations.
