Cryptonews

Bybit Security exposes macOS malware campaign targeting users searching for Claude Code

Source: cryptonewstrend.com

Bybit has disclosed details of a multi-stage macOS malware campaign targeting users searching for “Claude Code,” an AI-powered development tool by Anthropic, according to findings published by its Security Operations Center (SOC) and shared with Finbold on April 21.

The company said the campaign represents one of the first publicly documented cases in which a centralized crypto exchange (CEX) has identified and analyzed an active threat exploiting AI tool discovery channels to target developers.

According to Bybit, the campaign was first identified in March 2026 and relied on search engine optimization (SEO) poisoning to elevate a malicious domain to the top of Google search results. Users searching for “Claude Code” were redirected to a spoofed installation page designed to closely resemble legitimate documentation.

Multi-stage malware chain targets credentials and crypto wallets

Bybit’s analysis found that the attack deployed a two-stage malware chain. The initial payload, delivered via a Mach-O dropper, installed an osascript-based infostealer exhibiting characteristics similar to known AMOS and Banshee variants.

The infostealer executed a multi-phase obfuscation process to extract sensitive data, including browser credentials, macOS Keychain entries, Telegram sessions, VPN profiles, and cryptocurrency wallet information. Bybit researchers identified targeted access attempts against more than 250 browser-based wallet extensions, as well as multiple desktop wallet applications.

A second-stage payload introduced a C++-based backdoor featuring advanced evasion techniques such as sandbox detection and encrypted runtime configuration. The malware established persistence through system-level agents and enabled remote command execution via HTTP-based polling, allowing attackers to maintain ongoing control over compromised devices.

The investigation also uncovered social engineering tactics, including fake macOS password prompts used to validate and cache user credentials. In some cases, attackers attempted to replace legitimate wallet applications such as Ledger Live and Trezor Suite with trojanized versions hosted on malicious infrastructure.
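As a defender-side illustration of the host behaviours described above (an osascript fake password prompt, launch-agent persistence, Keychain and browser wallet-extension access), here is an added Python example that is not part of Bybit's report; the event lines, process names, paths and rule patterns are all constructed for this example:

```python
import re

# Constructed macOS endpoint events (sample data, not telemetry from the Bybit report).
# Fields: pid|parent_process|command_line|file_path_touched ("-" when none)
SAMPLE_EVENTS = """\
4101|Terminal|/usr/bin/osascript -e 'display dialog "macOS needs your password" default answer "" with hidden answer'|-
4102|bash|/bin/launchctl load ~/Library/LaunchAgents/com.example.update.plist|/Users/dev/Library/LaunchAgents/com.example.update.plist
4103|Finder|/Applications/Ledger Live.app/Contents/MacOS/Ledger Live|-
4104|bash|/bin/cp -r "~/Library/Application Support/Google/Chrome/Default/Local Extension Settings" /tmp/.x|/Users/dev/Library/Application Support/Google/Chrome/Default/Local Extension Settings
4105|Terminal|/usr/bin/osascript -e 'tell application "Finder" to open POSIX file "/Users/dev/notes.txt"'|-
4106|bash|/usr/bin/security find-generic-password -g -a dev|/Users/dev/Library/Keychains/login.keychain-db
"""

# Each rule: (name, pattern) checked against both the command line and the touched path.
RULES = [
    ("fake_password_prompt",     re.compile(r"osascript.*display dialog.*hidden answer", re.I)),
    ("launch_agent_persistence", re.compile(r"Library/Launch(?:Agents|Daemons)/[^ ]+\.plist")),
    ("keychain_access",          re.compile(r"login\.keychain-db|security find-generic-password", re.I)),
    ("wallet_extension_access",  re.compile(r"Local Extension Settings", re.I)),
]

def parse_event(line):
    pid, parent, cmdline, path = line.split("|", 3)
    return {"pid": int(pid), "parent": parent, "cmdline": cmdline, "path": path}

def detect(events_text):
    """Return [(pid, rule_name)] for every event that trips a rule (one hit per rule per event)."""
    hits = []
    for line in events_text.splitlines():
        ev = parse_event(line)
        for name, pattern in RULES:
            if pattern.search(ev["cmdline"]) or pattern.search(ev["path"]):
                hits.append((ev["pid"], name))
    return hits

def suspicious_pids(events_text, min_rules=1):
    """Collapse hits per pid; raise min_rules to alert only when one process shows several behaviours."""
    by_pid = {}
    for pid, name in detect(events_text):
        by_pid.setdefault(pid, set()).add(name)
    return {pid: sorted(names) for pid, names in by_pid.items() if len(names) >= min_rules}

if __name__ == "__main__":
    for pid, names in suspicious_pids(SAMPLE_EVENTS).items():
        print(pid, ", ".join(names))
```

The benign events (the real Ledger Live binary and an ordinary osascript call) produce no hits, which is the point of matching on the prompt's hidden-answer form rather than on osascript alone.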

AI-assisted analysis accelerates detection and response

Bybit said its SOC leveraged AI-assisted workflows across the full malware analysis lifecycle, significantly reducing response times while maintaining analytical depth. Initial triage and classification of the Mach-O sample were completed within minutes, with AI models flagging behavioral similarities to known malware families.

According to the company, AI-assisted reverse engineering and control-flow analysis reduced deep inspection of the second-stage backdoor from an estimated six to eight hours to under 40 minutes. Automated extraction pipelines identified indicators of compromise, including command-and-control infrastructure, file signatures, and behavioral patterns, which were mapped to established threat frameworks.

These capabilities enabled same-day deployment of detection measures. AI-assisted rule generation supported the creation of threat signatures and endpoint detection rules, which were validated by analysts before being pushed to production environments. Bybit said AI-generated reporting drafts reduced turnaround time, allowing threat intelligence outputs to be finalized approximately 70% faster than traditional workflows.

“As one of the first crypto exchanges to publicly document this type of malware campaign, we believe sharing these findings is critical to strengthening collective defense across the industry,” said David Zong, Head of Group Risk Control and Security at Bybit. “Our AI-assisted SOC allows us to move from detection to full kill chain visibility within a single operational window. What used to require a team of analysts working across multiple shifts — decompilation, IOC extraction, report drafting, rule writing — was completed in a single session with AI handling the heavy lifting and our analysts providing judgment and validation. Looking to the future, we will face an AI war. Using AI to defend against AI is an inevitable trend. Bybit will further increase its investment in AI for security, achieving minute-level threat detection and automated, intelligent emergency response.”

The malware targeted a wide range of environments, including Chromium-based browsers, Firefox variants, Safari data, Apple Notes, and local file directories commonly used to store sensitive financial or authentication information.

Bybit said it identified multiple domains and command-and-control endpoints associated with the campaign, all of which have since been defanged for public disclosure. Analysis indicated that attackers relied on intermittent HTTP polling rather than persistent connections, making detection more challenging.
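Intermittent polling leaves no long-lived connection to spot, but it does leave a timing fingerprint. The following added Python example (not from Bybit's report; the proxy log lines, hosts and thresholds are constructed) groups outbound HTTP requests per source and destination and flags request trains whose inter-request gaps are too regular to be human browsing:

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (sample data, not indicators from the Bybit report).
# Fields: timestamp src dst method path response_bytes
SAMPLE_LOG = """\
2026-03-01T10:00:00 10.0.0.5 poller.example.invalid GET /check 312
2026-03-01T10:05:01 10.0.0.5 poller.example.invalid GET /check 310
2026-03-01T10:09:58 10.0.0.5 poller.example.invalid GET /check 315
2026-03-01T10:15:03 10.0.0.5 poller.example.invalid GET /check 311
2026-03-01T10:19:59 10.0.0.5 poller.example.invalid GET /check 314
2026-03-01T10:00:07 10.0.0.5 cdn.example.invalid GET /app.js 51200
2026-03-01T10:00:42 10.0.0.5 cdn.example.invalid GET /logo.png 8000
2026-03-01T10:31:10 10.0.0.5 cdn.example.invalid GET /api 1200
2026-03-01T10:58:00 10.0.0.5 cdn.example.invalid GET /api 1300
"""

MIN_INTERVALS = 3      # need enough gaps before judging regularity
MAX_JITTER_CV = 0.10   # stdev/mean of inter-request gaps; low means clockwork polling

def parse_log(text):
    """Collect request timestamps per (src, dst) pair."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _method, _path, _size = line.split()
        sessions[(src, dst)].append(datetime.fromisoformat(ts))
    return sessions

def find_beacons(text):
    """Return [(src, dst, mean_gap_seconds, jitter_cv)] for periodic request trains."""
    flagged = []
    for (src, dst), stamps in parse_log(text).items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < MIN_INTERVALS:
            continue
        mean = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean if mean else float("inf")
        if cv <= MAX_JITTER_CV:
            flagged.append((src, dst, round(mean, 1), round(cv, 3)))
    return flagged

if __name__ == "__main__":
    for src, dst, mean, cv in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: ~{mean}s polling, jitter cv={cv}")
```

The constructed poller checks in roughly every five minutes with a few seconds of jitter and is flagged, while the CDN traffic's irregular gaps keep it well above the threshold.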

According to Bybit, malicious infrastructure associated with the campaign was identified on March 12. Full analysis, mitigation, and internal detection measures were completed within the same day. Public disclosure followed on March 20, accompanied by detailed detection and remediation guidance to help users identify and mitigate similar threats.
