technology

Bybit Security Team Uncovers Malware Campaign Targeting macOS Users

Bybit's security team has discovered a malware operation aimed at macOS users searching for Claude Code. The campaign employs SEO poisoning to lead victims to fraudulent installation pages. These pages are built to extract cryptocurrency wallet credentials and enable remote access to devices.

1 source·Apr 22, 11:52 AM(14 days ago)·1m read

Audio version

Tap play to generate a narrated version.

Developing·Limited corroboration so far. This page will refresh as more sources emerge.

Bybit's security team uncovered a malware campaign targeting macOS users who search for Claude Code, @CoinDesk reported. The campaign utilizes SEO poisoning techniques to redirect those users to counterfeit installation pages. These fake pages are specifically designed to steal credentials from cryptocurrency wallets.

In addition, the fraudulent sites aim to secure remote access to the victims' devices. The discovery highlights ongoing threats in the crypto space, with attackers exploiting search behaviors to compromise user security.

Key Facts

Malware discovery

Bybit's security team uncovered a campaign targeting macOS users searching for Claude Code

Attack method

The campaign employs SEO poisoning to redirect users to fake installation pages

Objectives

Fake pages aim to steal crypto wallet credentials and gain remote device access

Target audience

Primarily affects macOS users engaged in searches for Claude Code

cybersecurity malware crypto macos seo-poisoning

Story Timeline

3 events

2026-04-22
Bybit's security team uncovers the malware campaign targeting macOS users
1 source@CoinDesk
Recent (undated in sources)
Malware campaign uses SEO poisoning to redirect searches for Claude Code
1 source@CoinDesk
Recent (undated in sources)
Fake pages designed to steal crypto wallet credentials and gain remote access
1 source@CoinDesk

Potential Impact

01
Heightened awareness and security measures in the crypto community
02
Potential theft of cryptocurrency assets from affected users
03
Increased remote access vulnerabilities for macOS devices
04
Possible broader adoption of SEO poisoning tactics by other threat actors

Transparency Panel

Sources cross-referenced1

Framing risk15/100 (low)

Confidence score75%

Synthesized bySubstrate AI

Word count75 words

PublishedApr 22, 2026, 11:52 AM

Bias signals removed2 across 2 outlets

Signal Breakdown

Loaded 2

Original Sources

@CoinDeskALERT: @Bybit_Official's security team uncovers a malware campaign targeting macOS users searchin...

Shivon Zilis Testifies in Musk v. OpenAI Trial

Shivon Zilis, a Neuralink executive and mother of four of Elon Musk's children, testified on Wednesday in the second week of the trial. The testimony detailed her role at OpenAI and relationship with Musk. Other witnesses described internal conflicts during the company's shift fr…

+10

15 sources

Substrate placeholder — needs review · Wikimedia Commons (CC BY-SA 3.0)

ai1 hr agoFraming55

Anthropic Acquires Full Compute Capacity of SpaceX Colossus 1

Anthropic announced a partnership to access all compute resources at SpaceX's Colossus 1 data center. The agreement delivers more than 300 megawatts of capacity across over 220,000 Nvidia GPUs and includes interest in future orbital data centers. It follows Musk's recent meetings…

9 sources

Apple Settles Siri AI Lawsuit for $250 Million, No Wrongdoing Admitted

forbes.com (News photo)

technology3 hrs ago

Apple Settles Siri AI Lawsuit for $250 Million, No Wrongdoing Admitted

Apple agreed Tuesday to pay $250 million to resolve a class-action lawsuit alleging it misled U.S. buyers about upcoming artificial intelligence features for Siri on iPhone 15 and 16 models. The deal, filed in California federal court without any admission of wrongdoing, would pr…