2026-05-11: Google ad for Claude leads to macOS malware infection
2026-05-11 (MONDAY): GOOGLE AD FOR CLAUDE LEADS TO MACOS MALWARE INFECTIONNOTICE:Zip files ar 2026-5-11 23:54:0 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:5 收藏
2026-05-11 (MONDAY): GOOGLE AD FOR CLAUDE LEADS TO MACOS MALWARE INFECTIONNOTICE:Zip files ar 2026-5-11 23:54:0 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:5 收藏
2026-05-11 (MONDAY): GOOGLE AD FOR CLAUDE LEADS TO MACOS MALWARE INFECTION
NOTICE:
- Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.
ASSOCIATED FILES:
- 2026-05-11-IOCs-for-macOS-malware-infection.txt.zip 1.9 kB (1,884 bytes)
- 2026-05-11-macOS-malware-infection-traffic.pcap.zip 17.8 MB (17,805,524 bytes)
- 2026-05-11-files-from-macOS-malware-infection.zip 1.3 MB (2,328,112 bytes)
IMAGES
Shown above: Google ad in results from a search for Homebrew.
Shown above: Advertiser from the malicious ad.
Shown above: Oage impersonating a site to download Claude.
Shown above: ClickFix-style instructions from malicious page impersonating site to download Claude.
Shown above: Command copied from the page and pasted into a terminal window.
Shown above: During the infection, the malware asks for the user's password.
Shown above: The malware also asks for access to Finder.
Shown above: The malware also asks for access to various folders from the user.
Shown above: Traffic from the infection filtered in Wireshark.
Click here to return to the main page.
文章来源: https://www.malware-traffic-analysis.net/2026/05/11/index.html
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh