- Kaspersky warns of malvertising campaign abusing Claude Code
- Fake download sites deliver Amatera infostealer on Windows, AMOS on macOS
- Developers risk exposing source code, corporate data, and credentials
Hackers are, once again, taking advantage of current trends to attack software developers with information-stealing malware.
Earlier this week, security researchers Kaspersky warned about an ongoing malvertising campaign targeting people interested in downloading Claude Code.
Claude Code is a coding-focused AI assistant developed by Anthropic. It is like a specialized version of the Claude GenAI chatbot, designed specifically to help software developers write, edit, and debug code and, in a sense, is similar to tools like GitHub Copilot, or ChatGPT’s coding capabilities.
Infected with infostealers
According to Kaspersky, some people searching for “Claude Code download”, “OpenClaw download”, and similar tools, will get a malicious ad shown in the very top of the search engine’s results page. Clicking on those ads leads to websites that, in almost every aspect, look identical to the authentic pages set up by Anthropic and OpenAI.
To make matters worse, installing Claude Code is not the same as installing an app, or a program. It requires copying and pasting code in the Windows Command Prompt, or macOS Terminal, making the compromise even harder to spot.
Those that don’t spot it, and try to install these fake assistants, will get a different version of an infostealer, depending on the operating system they are running. Those on Windows will end up getting Amatera, an information-stealing malware that collects data from user directories, web browsers, and cryptocurrency wallets. Kaspersky said it has previously observed Amatera in campaigns using the ClickFix distribution technique and is operated under a Malware-as-a-Service (MaaS) model.
On the other hand, macOS users will be infected with the infamous AMOS, a known macOS-oriented infostealer that has been used in countless campaigns against Apple users in the past.
“The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts but also by professional developers working in large organizations,” said Kaspersky’s cybersecurity expert Vladimir Gursky.
“If infected, victims may unknowingly expose source code from active projects, confidential corporate data, authentication credentials, and private accounts. This makes such campaigns particularly dangerous for businesses whose developers rely on AI-assisted coding tools.”
