- Kaspersky raises alarms over malvertising campaign exploiting Claude Code
- Fraudulent download sites spread Amatera infostealer for Windows and AMOS for macOS
- Developers risk exposing sensitive source code, corporate information, and credentials
Cybercriminals are leveraging contemporary trends to launch attacks against software developers using malware designed for data theft.
Recently, Kaspersky’s security experts alerted the public about an active malvertising operation targeting people who search for a Claude Code download.
Claude Code is an AI programming assistant created by Anthropic, functioning similarly to the Claude GenAI chatbot. This tool is tailored specifically to assist developers in writing, editing, and debugging code, akin to platforms like GitHub Copilot or the coding features of ChatGPT.
Infection with Infostealers
Kaspersky reports that users searching for terms like “Claude Code download” and “OpenClaw download” may encounter deceptive advertisements at the top of search engine results. Clicking these ads directs users to websites that almost perfectly mimic the legitimate pages created by Anthropic and OpenAI.
This situation is exacerbated by the installation method for Claude Code, which involves copying and pasting code into the Windows Command Prompt or macOS Terminal, making it harder to detect malicious activity.
Users who fail to recognize the deception and proceed with installing these counterfeit assistants will inadvertently download a different infostealer depending on their operating system. Windows users face the risk of installing Amatera, an infostealer that gathers data from user directories, web browsers, and cryptocurrency wallets. Kaspersky has observed Amatera in campaigns employing the ClickFix distribution strategy; the malware is operated under a Malware-as-a-Service (MaaS) model.
Meanwhile, macOS users may be affected by the notorious AMOS, an infostealer that has been used in numerous campaigns targeting Apple users in the past.
“This campaign poses serious dangers as AI development tools like Claude Code and OpenClaw are utilized by not only hobbyists but also professional developers within large organizations,” noted Kaspersky’s cybersecurity expert, Vladimir Gursky.
“If they become infected, victims could unwittingly expose sensitive source code, confidential corporate data, authentication credentials, and personal accounts. This renders these campaigns especially hazardous for businesses that depend on AI-assisted coding tools.”