Fake Claude Code Spreads Malware to Windows, macOS Users
Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute malware through fake software installation pages.
Security researchers at Push Security recently uncovered a campaign targeting users of Anthropic’s Claude Code, a popular command-line AI coding assistant.
The attackers are using cloned websites and malicious search advertisements to trick victims into installing information-stealing malware on Windows and macOS systems.
“Attackers are distributing almost identical cloned sites of popular developer tools like Claude Code with fake install instructions via malicious search engine ads — tricking victims into installing infostealer malware instead,” the researchers wrote.
Inside the InstallFix malware campaign
The campaign highlights a growing security risk tied to the widespread use of simple terminal commands to install developer tools.
Many modern utilities rely on one-line installation commands — often using a “curl to bash” approach — that automatically download and execute scripts from a remote server. While this method makes installation fast and convenient, it also places significant trust in the source hosting the script.
If the command points to a malicious server, the user may unknowingly execute harmful code directly on their system. According to Push Security’s research on the campaign, attackers are exploiting this workflow by cloning legitimate installation pages and modifying the commands provided to users.
The cloned sites closely replicate the official documentation pages for popular tools, but the installation instructions are altered to fetch malware instead of the intended software. This risk is amplified by the rapid adoption of AI-powered developer tools such as Claude Code.
As AI coding tools expand beyond experienced developers to a broader audience of less technical users, more people may follow installation instructions without carefully verifying the source or reviewing the commands they run.
How InstallFix attacks work
InstallFix attacks rely on a straightforward but effective form of social engineering. Rather than relying on traditional phishing lures or fake error messages, attackers simply impersonate the official installation page for a popular tool.
The cloned site often mirrors the legitimate page almost perfectly, including branding, layout, navigation for documentation, and example commands. To a typical user, the page appears authentic. The only meaningful difference lies in the installation command itself.
Instead of downloading the legitimate installation script from the official Claude Code domain, the malicious command retrieves a payload from an attacker-controlled server.
If a user copies and pastes the command into their terminal — as many installation guides instruct — the malware executes immediately on the system.
Inside the Claude Code malware payload
In the campaign targeting Claude Code, researchers observed the malware launching through cmd(.)exe, which then spawns mshta(.)exe to retrieve and execute additional scripts from a remote malicious domain.
This staged execution process allows attackers to download additional payloads and establish persistence on the victim’s machine.
Search ads used to distribute malware
To drive victims to fake installation pages, attackers rely heavily on malvertising campaigns.
Sponsored search results appear when users search phrases such as “Claude Code install,” “Claude Code CLI,” or related queries. Because sponsored links often appear above legitimate search results, users may click them quickly without closely inspecting the URL.
The attack is particularly effective because search engines sometimes truncate or hide portions of the domain in advertisement previews, making malicious domains appear more legitimate.
Malvertising also bypasses many traditional security controls. Instead of receiving a suspicious email link, victims simply search for a tool they intend to install and unknowingly land on the attacker’s page. Researchers determined that the payload used in the campaign matches signatures associated with Amatera Stealer, a relatively new information-stealing malware family that emerged publicly in 2025.
Amatera is designed to collect sensitive data from infected systems, including browser-stored credentials, session cookies, authentication tokens, and other system information.
The malware uses evasion techniques such as dynamic API resolution and command-and-control communications routed through legitimate content delivery network (CDN) infrastructure to bypass security defenses. Because the traffic blends in with legitimate services, blocking it without disrupting normal operations can be difficult.
Malware campaign hides on trusted infrastructure
Another notable aspect of the campaign is the use of legitimate hosting platforms to deliver the malicious pages. Researchers observed cloned installation sites hosted on services such as Cloudflare Pages, Squarespace, and Tencent EdgeOne.
By leveraging reputable infrastructure providers, attackers can blend their activity into normal web traffic patterns, reducing the likelihood that malicious pages are immediately flagged or taken down.
Reducing risk from InstallFix attacks
Because these InstallFix-style attacks exploit common developer workflows — such as copying installation commands from websites — defenses must focus on both preventing malicious downloads and detecting suspicious command-line activity.
- Avoid clicking sponsored search results when downloading developer tools; instead, access installation instructions directly from official vendor documentation.
- Verify URLs and installation commands before executing them in a terminal, especially when commands use patterns like [curl | bash] that download and run remote scripts.
- Implement DNS filtering, secure web gateways, or domain reputation controls to block access to newly registered or suspicious domains used in malvertising campaigns.
- Deploy endpoint detection and response (EDR) tools to monitor command-line activity, script execution, and suspicious process chains associated with staged malware infections.
- Enforce allow-listing for trusted repositories and consider hosting internal mirrors of commonly used developer tools to ensure installations come from verified sources.
- Apply least privilege policies and restrict administrative access on developer workstations to reduce the impact of malicious installation scripts.
- Regularly test incident response plans and use attack simulation tools around software supply chain exploitation scenarios.
Together, these measures help organizations build resilience against developer-targeted malware campaigns while limiting the potential blast radius if a malicious installation command is executed.
Editor’s note: This article originally appeared on our sister website, eSecurityPlanet.
About Author
![TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense](https://www.trendmicro.com/content/dam/trendmicro/global/en/research/thumbnails/26/unprompted-976-2.png)
