{"data":{"id":"6fc002f4-21d3-40b4-bf02-6eee54482f71","title":"Claude LLM artifacts abused to push Mac infostealers in ClickFix attack","summary":"Threat actors are abusing Claude artifacts (AI-generated content shared publicly on claude.ai) and Google Ads to trick macOS users into running malicious commands that install MacSync infostealer malware (software that steals sensitive data like passwords and crypto wallets). Over 10,000 users have viewed these fake guides disguised as legitimate tools like DNS resolvers or HomeBrew package managers.","solution":"Users are recommended to exert caution and avoid executing in Terminal commands they don't fully understand. As noted by Kaspersky researchers, asking the chatbot in the same conversation about the safety of the provided commands is a straightforward way to determine if they're safe or not.","labels":["security"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/","publishedAt":"2026-02-13T20:21:43.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude","Anthropic","Google Ads","ChatGPT","Grok","Medium","MacSync infostealer"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}