Google’s Ads platform is being abused as an initial access delivery mechanism in an active macOS-targeting campaign impersonating Anthropic Claude and Homebrew. The platform itself is not vulnerable; threat actors are purchasing malicious search ads that redirect macOS developer users to spoofed pages instructing terminal command execution, delivering the ACR infostealer. Google Ads represents the delivery vector; the remediation obligation falls on enterprise defenders through DNS filtering, web proxy controls, and end-user awareness rather than on vendor patching.