- Kaspersky warns of malicious advertising campaign abusing Claude code
- Fake download sites offer Amatera infostealer on Windows, AMOS on macOS
- Developers risk exposing source code, corporate data and credentials
Hackers are once again taking advantage of current trends to attack software developers with information-stealing malware.
Earlier this week, security researchers Kaspersky warned of an ongoing malvertising campaign targeting people interested in downloading Claude Code.
Claude Code is a coding-focused AI assistant developed by Anthropic. It is a specialized version of the Claude GenAI chatbot, designed specifically to help software developers write, modify and debug code and, in a sense, is similar to tools like GitHub Copilot or the coding capabilities of ChatGPT.
Article continues below
Infected by information thieves
According to Kaspersky, some people searching for “Claude Code Download”, “OpenClaw Download” and similar tools will see a malicious advertisement displayed at the very top of the search engine results page. Clicking on these ads leads to websites that, in almost every aspect, appear identical to the genuine pages created by Anthropic and OpenAI.
To make matters worse, installing Claude Code is not the same as installing an application or program. This requires copying and pasting code into the Windows Command Prompt or macOS Terminal, making the compromise even harder to spot.
Those who do not notice this and attempt to install these fake helpers will get a different version of an infostealer, depending on the operating system they are using. Those using Windows will eventually get Amatera, an information-stealing malware that collects data from user directories, web browsers, and cryptocurrency wallets. Kaspersky said it had previously observed Amatera in campaigns using the ClickFix distribution technique and that it was being operated under a Malware-as-a-Service (MaaS) model.
On the other hand, macOS users will be infected with the infamous AMOS, a known macOS-oriented information stealer that has been used in countless campaigns against Apple users in the past.
“The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by amateurs and automation enthusiasts, but also by professional developers working in large organizations,” said Kaspersky cybersecurity expert Vladimir Gursky.
“If infected, victims can unknowingly expose the source code of active projects, confidential company data, authentication credentials, and private accounts. This makes such campaigns particularly dangerous for companies whose developers rely on AI-assisted coding tools.”
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
