- Trend Micro discovered that criminals were abusing Claude’s “Shared Chats” feature to spread information thieves through ClickFix and malvertising.
- Fake Apple support chats on claude.ai, promoted via Google Ads, tricked macOS developers into pasting malicious commands
- Anthropic banned accounts and disabled malicious conversations, promising new abuse mitigation measures.
Trend Micro security researchers have detected criminals abusing a legitimate feature of Claude AI to trick software developers into uploading malware. The campaign also includes malvertising, as well as the proven ClickFix method.
The goal of the campaign is to infect software developers – primarily those who create AI tools on the macOS environment – with infostealers.
Targets from Russian-speaking countries are apparently spared, while the majority of victims are located in Taiwan (30% of total trafficking). This country is followed by Japan, Singapore and the United States.
Fraudulent accounts banned
At the center of the attack is a feature called “Shared Claude Chats,” which allows users to create clickable links to previous conversations they’ve had with the AI. These chats can then be shared with others via a public URL. Scammers created chats showing fake Apple Support instructing the user on how to install Claude Code (a command-line coding assistant).
However, the instructions are nothing more than the standard ClickFix scam: they ask the user to bring up the terminal and paste a command, which triggers a chain reaction leading to an infostealer infection.
The second step is to advertise these URLs to the appropriate target audience, which was done through Google Ads. The criminals were able to buy ads on Google’s network and set them up so that anyone searching for “Claude Code on Mac” (or similar keywords) would see those URLs as the first result.
As the sites were hosted on the claude.ai domain, there was nothing suspicious about the links.
Trend Micro is not the first company to warn against this campaign. In mid-May this year, security researcher Berk Albayrak posted a new warning on LinkedIn, detailing a nearly identical campaign. Same approach, same objectives and above all, same exclusions.
Researchers say Anthropic investigated and banned the responsible accounts and disabled malicious shared conversations. The AI company is reportedly “implementing additional abuse mitigation measures.”
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
