Infostealers disguised as Claude Code target developers through fake AI tool downloads

Infostealers are being disguised as Claude Code, OpenClaw and other AI developer tools

* Kaspersky warns of malvertising campaign abusing Claude Code * Fake download sites deliver Amatera infostealer on Windows, AMOS on macOS * Developers risk exposing source code, corporate data, and credentials Hackers are, once again, taking advantage of current trends to attack software developers with information-stealing malware. Earlier this week, security researchers Kaspersky warned about an ongoing malvertising campaign targeting people interested in downloading Claude Code. Claude Code is a coding-focused AI assistant developed by Anthropic. It is like a specialized version of the Claude GenAI chatbot, designed specifically to help software developers write, edit, and debug code and, in a sense, is similar to tools like GitHub Copilot, or ChatGPT's coding capabilities. Infected with infostealers According to Kaspersky, some people searching for "Claude Code download", "OpenClaw download", and similar tools, will get a malicious ad shown in the very top of the search engine's results page. Clicking on those ads leads to websites that, in almost every aspect, look identical to the authentic pages set up by Anthropic and OpenAI. To make matters worse, installing Claude Code is not the same as installing an app, or a program. It requires copying and pasting code in the Windows Command Prompt, or macOS Terminal, making the compromise even harder to spot. Those that don't spot it, and try to install these fake assistants, will get a different version of an infostealer, depending on the operating system they are running. Those on Windows will end up getting Amatera, an information-stealing malware that collects data from user directories, web browsers, and cryptocurrency wallets. Kaspersky said it has previously observed Amatera in campaigns using the ClickFix distribution technique and is operated under a Malware-as-a-Service (MaaS) model. On the other hand, macOS users will be infected with the infamous AMOS, a known macOS-oriented infostealer that has been used in countless campaigns against Apple users in the past. "The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts but also by professional developers working in large organizations," said Kaspersky's cybersecurity expert Vladimir Gursky. "If infected, victims may unknowingly expose source code from active projects, confidential corporate data, authentication credentials, and private accounts. This makes such campaigns particularly dangerous for businesses whose developers rely on AI-assisted coding tools." Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button! And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Hackers are disguising malware as Claude Code, and it's easy to fall for the scam

When not writing, Dave enjoys spending time with his family, running, playing the guitar, camping, and serving in his community. His favorite place is the Blue Ridge Mountains, and one day he hopes to retire there (hopefully his fear of heights will have retired by then, too!). Summary Researchers have discovered a new malware campaign targeting AI developer tools. The attack uses sponsored links on Google to impersonate official installation instructions. Targets include popular AI tools like Claude Code and OpenClaw. With the exploding popularity of AI tools, it was only a matter of time before the hackers came calling. The latest run of AI-related malware targets developer tools like Claude Code and OpenClaw, and it's sneaky. Researchers at Kaspersky discovered a campaign targeting developers "looking for installation instructions for Claude Code," according to a post published March 16. How the attack works Malicious commands hiding in plain sight Kaspersky found that when searching for the phrase "Claude Code download," sponsored ads appear at the top of the page (no surprise there). However, the researchers found that one of these ads redirects to a malicious page that looks a lot like the official installation instructions for Claude Code. The timing is unfortunate, as Claude has exploded in popularity over the last several weeks. This malicious page is visually identical to the actual Claude Code instructions, down to the instructions themselves. The difference lies in the installation commands -- when you run the commands from this page, instead of installing Claude, you'll install malware. It seems whoever is behind these attacks is hoping users will just copy and paste the code without double-checking (which, unfortunately, is pretty common). The attacks aren't just targeting Claude Code -- Kaspersky also found similar campaigns targeting "other popular AI tools," specifically naming the viral and very useful OpenClaw and Doubao (an AI tool from ByteDance). They're also not the first attacks of this type to target AI tools. Kaspersky claims it found a similar attack using Google Ads in December 2025. What happens if you run the malicious commands? If you run these fake commands, instead of installing Claude Code, you'll end up with one of two infostealers installed, depending on your OS: Windows: If you're on Windows, the commands will install Amatera. This malware "collects data from user directories, web browsers, and cryptocurrency wallets" and then sends that data off to a remote server. Kaspersky says Amatera has been used in previous campaigns. macOS: macOS users will get AMOS, an infostealer commonly used to target Apple devices. Kaspersky's post highlights the fact that these attacks are specifically targeting developers, which in many cases means it's not just personal info but potentially also business data being stolen. How to stay safe Double-check everything! These attacks are concerning, but should be avoidable as long as you're following basic security best practices. The researchers at Kaspersky offer the following suggestions (paraphrased): Verify links: Always check links, whether they're direct downloads or links to a download page. The malicious sites used in these attacks are hosted on Squarespace, and that's visible in the URL. Verify commands: Don't just blindly copy and paste terminal commands. Always review them before running them -- even if the source looks official. Make sure you understand what you're doing: Don't run commands if you don't know what they do. Use reliable security solutions: Have systems in place to detect malware. Another key point not mentioned here is to follow official links in Google searches, rather than sponsored links. While organic search results can be malicious, you're generally more likely to run into this sort of attack with sponsored links -- especially when the malicious site is attempting to impersonate a legit one. Subscribe to the newsletter for AI security insights Stay informed about AI-related threats -- subscribe to the newsletter for clear, actionable coverage of issues like cloned install pages, malicious commands, and steps to verify links and terminal commands before running them. Get Updates By subscribing, you agree to receive newsletter and marketing emails, and accept our Terms of Use and Privacy Policy. You can unsubscribe anytime. Keep your eyes open out there -- I'd expect AI-related attacks like this to continue to increase in popularity.