GhostClaw, a macOS infostealer, is spreading through GitHub repositories and developer tools, and it works because routine install habits make running malware feel completely normal.