- Kaspersky warns of malicious advertising campaign that abuses Code Claude
- Fake download sites offer Amatera infostealer on Windows, AMOS on macOS
- Developers risk exposing source code, corporate data and credentials
Hackers are once again taking advantage of current trends to attack software developers with information-stealing malware.
Earlier this week, security researchers Kaspersky warned of an ongoing malvertising campaign targeting people interested in downloading Claude Code.
Claude Code is a coding-focused AI assistant developed by Anthropic. It’s like a specialized version of the Claude GenAI chatbot, designed specifically to help software developers write, edit, and debug code, and in some ways is similar to tools like GitHub Copilot or ChatGPT’s coding capabilities.
Article continues below.
Infected with information thieves
According to Kaspersky, some people searching for “Claude Code download,” “OpenClaw download,” and similar tools will see a malicious ad at the top of the search engine results page. Clicking on those ads takes you to websites that, in almost every way, look identical to the authentic pages created by Anthropic and OpenAI.
To make matters worse, installing Claude Code is not the same as installing an application or program. It requires copying and pasting code into the Windows command prompt or macOS terminal, making the compromise even harder to detect.
Those who fail to detect it and attempt to install these fake wizards will get a different version of an information stealer, depending on the operating system they are running. Those using Windows will end up getting Amatera, a malware that steals information and collects data from user directories, web browsers, and cryptocurrency wallets. Kaspersky said it has previously observed Amatera in campaigns that use the ClickFix distribution technique and that it operates under a malware-as-a-service (MaaS) model.
On the other hand, macOS users will be infected with the infamous AMOS, a well-known macOS-targeted data stealer that has been used in countless campaigns against Apple users in the past.
“The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts but also by professional developers working in large organizations,” said Vladimir Gursky, cybersecurity expert at Kaspersky.
“If infected, victims can unknowingly expose the source code of active projects, sensitive corporate data, authentication credentials, and private accounts. This makes these types of campaigns particularly dangerous for companies whose developers rely on AI-assisted encryption tools.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
