Unraveling the AI-Driven macOS Malware Campaign Targeting Claude Code Seekers

Bybit, the world's second-largest cryptocurrency exchange by trading volume, has disclosed a multi-stage malware campaign aimed at macOS users searching for "Claude Code," Anthropic's AI-powered development tool. The case illustrates a growing pattern: attackers ride the popularity of AI tooling to reach developers, and they do it through manipulated search results and social engineering rather than through a software vulnerability.

A New Threat Landscape

The campaign was first identified in March 2026. It relied on search engine optimization (SEO) poisoning to push a malicious domain high in Google results for Claude Code, so that users landed on a counterfeit installation page closely mimicking the legitimate documentation. Following the bogus install instructions started a two-stage infection: a first stage focused on stealing credentials and cryptocurrency assets, and a second stage that gave the attackers persistent control of the compromised Mac.

The first stage arrived as a Mach-O dropper that launched an infostealer script run through osascript, with traits resembling known macOS stealer families such as AMOS and Banshee. Beneath several layers of obfuscation, the script harvested browser credentials, macOS Keychain entries, VPN configurations, Telegram session data and cryptocurrency wallet data. Bybit's researchers counted attempts to access more than 250 browser-based wallet extensions as well as a range of desktop wallet applications.

Advanced Techniques and Evasion Capabilities

The second stage was a C++ backdoor fitted with evasion features, including sandbox detection and a runtime configuration that stays encrypted until it is needed, which made it harder to analyse and detect. It established persistence through system-level agents and took instructions from its operators by periodically polling a command-and-control server over HTTP, giving the attackers ongoing access to infected devices.
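Fixed-interval HTTP polling of the kind described above leaves a regular rhythm in outbound-connection telemetry, which is one of the simplest things to hunt for. The Python below is an added example, not Bybit's tooling: it parses a constructed connection log (process names, destination hosts and timings are made up, and the `.test` domains are not indicators from the campaign) and reports every process/destination pair whose inter-connection intervals are nearly constant.

```python
"""Beacon-interval detector over a constructed outbound-connection log.

Added example, not Bybit's tooling. Process names, hosts and timings are
constructed for illustration; the '.test' domains are not real indicators.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, one outbound connection per line:
# "<ISO timestamp> <process name> <destination host>"
SAMPLE_LOG = """\
2026-03-12T09:00:00 Safari cdn.legit-site.test
2026-03-12T09:00:05 .helper upd.staging-c2.test
2026-03-12T09:01:04 .helper upd.staging-c2.test
2026-03-12T09:02:06 .helper upd.staging-c2.test
2026-03-12T09:03:05 .helper upd.staging-c2.test
2026-03-12T09:04:04 .helper upd.staging-c2.test
2026-03-12T09:04:30 Safari cdn.legit-site.test
2026-03-12T09:05:05 .helper upd.staging-c2.test
2026-03-12T09:17:12 Safari cdn.legit-site.test
2026-03-12T09:17:13 Safari cdn.legit-site.test
"""


def parse_log(text: str) -> list:
    """Turn the constructed log into (timestamp, process, host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, host = line.split()
        events.append((datetime.fromisoformat(ts), proc, host))
    return events


def find_beacons(events: list, min_connections: int = 5, max_cv: float = 0.25) -> dict:
    """Group connections by (process, host) and flag pairs whose gaps between
    connections are nearly constant, i.e. a fixed-period poll.

    cv is the coefficient of variation (stdev / mean) of the gaps; a value
    near 0 means the process phones home on a clock. Real implants add
    jitter, so max_cv is a tunable threshold, not a fixed truth.
    """
    by_pair = defaultdict(list)
    for ts, proc, host in sorted(events):
        by_pair[(proc, host)].append(ts)

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue  # too few samples to say anything about periodicity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m <= 0:
            continue
        cv = pstdev(gaps) / m
        if cv <= max_cv:
            beacons[pair] = {
                "connections": len(times),
                "mean_interval_s": round(m, 1),
                "cv": round(cv, 3),
            }
    return beacons


if __name__ == "__main__":
    for (proc, host), stats in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{proc} -> {host}: {stats}")
```

On the constructed log only the hidden `.helper` process is reported (six connections about 60 seconds apart); Safari's irregular traffic is not. In practice you would feed this from endpoint or proxy telemetry, tighten `max_cv` to cut noise from legitimate updaters, and treat a hit as a lead to pivot on the process path and its launch agent, not as a verdict on its own.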

Bybit's Security Operations Center (SOC) used AI-assisted workflows across the whole analysis cycle, cutting response times substantially without giving up analytical rigor. Initial triage and classification of the Mach-O sample took minutes, with models flagging behavioural overlaps with existing malware families.

AI-assisted reverse engineering and control-flow analysis cut the time needed to inspect the second-stage backdoor from an estimated six to eight hours to under 40 minutes. Automated pipelines then extracted indicators of compromise (IOCs), mapped them to established threat frameworks and pushed detections out promptly. AI-assisted rule generation accelerated the drafting of threat signatures and endpoint detection rules, each of which analysts validated before it went into production. AI-generated report drafts shortened the turnaround for threat-intelligence output by roughly 70% compared with the team's traditional process.

A Call for Collective Defense

David Zong, the Head of Group Risk Control and Security at Bybit, emphasized, “As one of the first crypto exchanges to record and share this kind of malware campaign, we believe it’s vital to bolster collective defense across the sector. Our AI-driven SOC empowers us to navigate from detection to comprehensive kill chain visibility within the same operational period. A task that previously required multiple analysts across various shifts was completed in one session with AI taking on the bulk of the workload, allowing our analysts to focus on validation.”

The investigation also turned up social-engineering tricks such as fake macOS password prompts designed to capture the user's login password, validate it and store it. The attackers even tried to replace legitimate cryptocurrency wallet applications, including Ledger Live and Trezor Suite, with trojanized versions hosted on their own servers.

The stealer targeted multiple environments: Chromium-based browsers, Firefox variants and Safari, plus the local directories in which developers commonly keep sensitive files and credentials. Bybit identified several domains and command-and-control endpoints tied to the campaign; these have since been neutralized, and the indicators shared publicly.
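The host-side artifacts this article describes (persistence through launch agents, fake password dialogs, validation of the captured password, and Keychain reads for browser secrets) can be hunted with a short script over launch-agent plists and process command lines. The Python below is an added example and not Bybit's detection rules; the plists, command lines, paths and labels are constructed for illustration and are not real indicators from the campaign. Treating "system-level agents" as launchd agents, and the chosen path prefixes and command patterns, are assumptions about typical macOS stealer tradecraft rather than facts from the article.

```python
"""Host-artifact hunt for macOS stealer tradecraft.

Added example, not Bybit's detection rules. All plists, command lines,
paths and labels below are constructed; none is a real indicator.
"""
from __future__ import annotations

import plistlib
import re

# Constructed launch-agent plists as they might be read from ~/Library/LaunchAgents.
SAMPLE_PLISTS = {
    # Mimics an Apple label, runs a hidden binary from the home directory, polls every 60 s.
    "com.apple.softwareupdate.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.softwareupdate</string>
  <key>ProgramArguments</key><array>
    <string>/Users/dev/Library/Application Support/.helper</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>60</integer>
</dict></plist>""",
    # Ordinary login item for an application installed in /Applications.
    "com.example.editor.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.editor</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Editor.app/Contents/MacOS/editor</string>
    <string>--background</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
}

# Constructed process command lines as an EDR or process-audit log might record them.
SAMPLE_PROCESSES = [
    # Fake credential prompt: a hidden-answer dialog dressed up as a system request.
    "osascript -e 'display dialog \"macOS needs your password to continue\" "
    "default answer \"\" with hidden answer with icon caution'",
    # Checks that the captured password is correct before it is stored and sent on.
    "dscl /Local/Default -authonly dev hunter2",
    # Reads the browser's Keychain-stored encryption key.
    "security find-generic-password -wa 'Chrome Safe Storage'",
    # Benign AppleScript and an ordinary developer command.
    "osascript -e 'tell application \"Finder\" to display dialog \"Build done\"'",
    "/usr/bin/git status",
]

# Assumed locations where a legitimate Apple-labelled agent's program would live.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")
# Assumed staging locations a dropper tends to write into.
STAGING_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/")

PROCESS_RULES = [
    ("fake-password-prompt", re.compile(r"osascript.*display dialog.*with hidden answer", re.S)),
    ("password-validation", re.compile(r"\bdscl\b.*-authonly")),
    ("keychain-secret-read", re.compile(r"\bsecurity\b.*(find-(generic|internet)-password|dump-keychain)")),
]


def audit_launch_agent(data: bytes) -> list:
    """Return the reasons a launch-agent plist looks suspicious (empty if none)."""
    plist = plistlib.loads(data)
    label = plist.get("Label", "")
    args = plist.get("ProgramArguments") or [plist.get("Program", "")]
    program = args[0]
    reasons = []
    if label.startswith("com.apple.") and not program.startswith(TRUSTED_PREFIXES):
        reasons.append("apple-label-spoof")
    if program.startswith(STAGING_PREFIXES) or any(p.startswith(".") for p in program.split("/")):
        reasons.append("hidden-or-staging-program-path")
    if plist.get("RunAtLoad") and "StartInterval" in plist:
        reasons.append(f"periodic-polling-every-{plist['StartInterval']}s")
    launchers = {"curl", "osascript", "sh", "bash", "zsh"}
    if any(a.rsplit("/", 1)[-1] in launchers for a in args):
        reasons.append("interpreter-or-downloader-launcher")
    return reasons


def audit_process(cmdline: str) -> list:
    """Return the names of every process rule the command line matches."""
    return [name for name, rx in PROCESS_RULES if rx.search(cmdline)]


def hunt(plists: dict, processes: list) -> dict:
    """Run both audits and keep only the items that produced findings."""
    findings = {}
    for name, data in plists.items():
        if reasons := audit_launch_agent(data):
            findings[name] = reasons
    for cmd in processes:
        if reasons := audit_process(cmd):
            findings[cmd] = reasons
    return findings


if __name__ == "__main__":
    for item, reasons in hunt(SAMPLE_PLISTS, SAMPLE_PROCESSES).items():
        print(f"{item}\n    {', '.join(reasons)}")
```

The spoofed agent trips three rules at once (Apple-style label outside Apple paths, a dot-prefixed program in the home directory, and RunAtLoad combined with a StartInterval, which is exactly the shape a polling backdoor's persistence takes), while the editor's login item produces nothing. The `dscl -authonly` pattern is worth keeping even though it looks odd: a fake password prompt is only useful to the attacker if the captured password is verified, and that verification runs as a separate, loggable process.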

A Growing Concern

The incident reflects a broader trend of attackers going after developers through manipulated search results, particularly as AI tools enter mainstream use. Developers are attractive targets because they hold access to code bases and, often, to financial systems, which raises the stakes considerably. The campaign's infrastructure was identified as early as March 12; full analysis and mitigation were completed the same day, and a public disclosure with detection guidance followed on March 20.

As the threat landscape evolves, vigilance and strong detection capabilities remain essential. By sharing its findings, Bybit has given others a head start in defending against similar campaigns.
