
Sophisticated macOS Malware Campaign Exploits AI Hype, Targets Developers

AI-generated image for: Sophisticated macOS malware campaign exploits interest in AI and targets developers

A new and highly targeted malware campaign is exploiting the surging popularity of AI coding tools to infiltrate macOS systems, marking a concerning evolution in threats against Apple's ecosystem. Discovered and disclosed by the security team at cryptocurrency exchange Bybit, this multi-stage operation specifically targets software developers and technical users searching for 'Claude Code,' the AI programming assistant developed by Anthropic.

The attack chain begins with sophisticated social engineering. Threat actors have created a network of deceptive websites and forum posts that appear to offer downloads, tutorials, or cracked versions of Claude Code. These platforms are designed to mimic legitimate developer communities and technical blogs, leveraging search engine optimization (SEO) tactics to appear prominently in search results for users seeking the AI tool. This initial phase is critical for establishing trust with a technically savvy audience that is typically more cautious.

Once a user is lured in and attempts to download the purported software, they receive a malicious disk image file (.dmg). This file is the first stage of a multi-layered attack. Analysis by Bybit's security researchers indicates the payload is designed to bypass macOS Gatekeeper protections, often by exploiting user permissions or using obfuscated scripts that appear benign. The malware exhibits characteristics of a remote access trojan (RAT), capable of establishing persistence on the infected system, exfiltrating sensitive files, logging keystrokes, and capturing credentials.

A particularly alarming aspect of this campaign is its specific focus on cryptocurrency-related data. Given Bybit's role in its discovery, researchers highlight that the malware includes modules to scan for and steal cryptocurrency wallet files, private keys, and exchange-related credentials. This suggests the attackers have a clear financial motive and are tailoring their payload to a high-value target demographic: developers who may possess or manage digital assets.

This campaign underscores several critical trends in the cybersecurity landscape. First, it demonstrates the continued weaponization of AI hype. As tools like Claude, ChatGPT, and GitHub Copilot become integral to development workflows, threat actors are pivoting to use interest in these platforms as a powerful lure. The trust associated with reputable AI brands is being exploited to lower victims' defenses.

Second, it signals a maturation of macOS-focused threats. While historically less targeted than Windows, the macOS user base—especially professionals in development, design, and finance—represents an attractive target due to the perceived higher value of data on these systems. Attackers are investing in more sophisticated social engineering and payload development to compromise this environment.

Third, this is a classic supply chain attack vector, albeit at the individual tool level. By compromising a developer's search for a legitimate tool, attackers can potentially gain access to that developer's work, which could then be used to compromise larger projects or organizations—a downstream ripple effect with significant consequences.

For the cybersecurity community and macOS users, this campaign serves as a stark reminder. The perception of inherent security on Apple devices can create a false sense of safety. Vigilance is required even when downloading tools from seemingly trustworthy sources found via search engines. Best practices include:

  • Only downloading software from official vendor websites or trusted app stores.
  • Verifying developer signatures and checksums for any downloaded application.
  • Maintaining healthy skepticism towards 'cracked' or 'free' versions of paid software, especially those promoted on forums.
  • Using comprehensive endpoint protection solutions even on macOS.
  • For organizations, educating development teams about these specific social engineering tactics is crucial.

The disclosure by Bybit's team provides valuable early warning. As AI tools become further embedded in professional workflows, the security community must anticipate that they will remain a persistent theme in social engineering and malware distribution campaigns. Defenders need to adapt their threat models to account for the targeting of technical professionals through the very tools that define their work.

Original sources

This article was generated by our NewsSearcher AI system, analyzing information from multiple reliable sources.

  • Bybit Security exposes macOS malware campaign targeting users searching for Claude Code (Finbold)
  • Bybit Uncovers AI-Assisted macOS Malware Campaign Targeting Users Searching for Claude Code (PR Newswire UK)


This article was written with AI assistance and reviewed by our editorial team.
