Google Ads infrastructure is being abused as the initial delivery vector for the MacSync infostealer campaign, with adversaries purchasing sponsored results targeting users searching for Claude AI software. No CVE is applicable. The risk to enterprise defenders is that ad-click traffic to legitimate domains through Google Ads bypasses URL-reputation controls, and the Google Ads platform itself has no available enterprise control to block adversary ad purchases targeting your users.