The recent MacSync campaign used hijacked Google Ads and user-generated pages on Claude.ai to trick people into pasting obfuscated shell commands into Terminal, delivering a polymorphic infostealer that harvests Keychain items, browser cookies, and crypto keys. Below are the attack’s mechanics, quick checks you can run now, and concrete operational steps for teams and users. […]