MalwareMay 20, 2026

2026-05-20 (Tuesday): Pages impersonating Claude and Homebrew continue to distribute malware like...

Fake Claude and Homebrew pages distribute MacSync stealer via ClickFix social engineering.

Summary

Threat actors are operating malicious web pages impersonating popular developer tools Claude and Homebrew to distribute the MacSync stealer malware. The attack leverages ClickFix-style social engineering tactics—fake browser alerts and urgent prompts—to trick users into downloading malicious payloads. This campaign highlights ongoing risks in the developer ecosystem targeting macOS users.

Indicators of Compromise

malware — MacSync
malware — ClickFix

Entities

Claude (product)Homebrew (product)ClickFix-style social engineering (campaign)