This pack covers a single high-severity campaign in which threat actors abuse Google Ads infrastructure and Anthropic’s Claude.ai shared-chat feature to deliver MacSync, a polymorphic, memory-resident infostealer targeting macOS endpoints. The attack exploits trust in legitimate platforms to bypass URL-reputation and domain-filtering controls, making standard perimeter defenses ineffective against this delivery chain. Organizations with Mac-heavy workforces, developer populations, or employees who may search for and download AI tools should give this immediate attention: a successful compromise exposes browser credentials, macOS Keychain secrets, session tokens, and cryptocurrency wallets, and no vendor patch is available.