Google ad impersonated a real claude.ai link and installed malware
A user searched "Claude Code Mac" on Google and clicked a top ad whose displayed domain looked like . The page was actually a genuine /share/ conversation link, but the attacker had prompted Claude into writing a convincing install guide inside it — Claude's own interface rendered it with a normal-looking green code block and a copy button.
The user copied and pasted the command into Terminal, but it wasn't an install script at all; it was a curl | zsh one-liner that fetches and immediately runs remote code. Three days later, the user's Anthropic silently upgraded from Pro ($20/month) to Max ($100/month), and five minutes after that, their spouse's Gmail-linked account jumped from Max to the higher Max tier ($100 to $200) — neither of them made these changes.
Shortly after, they discovered their Chase Ultimate Rewards points had been drained. At the time of writing, the malicious ad was still ranking above the official Anthropic site in results.
Key points
- Searched "Claude Code Mac" on Google and clicked an ad displaying the domain
- The page was a real /share/ link containing a fake install guide Claude had been prompted to write
- The copied command was a curl | zsh one-liner that fetches and runs remote code, not an install script
- Three days later the user's was silently upgraded Pro→Max, and a family member's Max→higher Max tier
- Chase Ultimate Rewards points were stolen, and the malicious ad was still live above the official site at time of writing