- Kaspersky warns against malvertising campaign abusing Claude Code
- Fake download sites provide Amatera infostealer on Windows, AMOS on macOS
- Developers risk exposing source code, corporate data and credentials
Hackers are once again taking advantage of current trends to attack software developers with information-stealing malware.
Earlier this week, security researchers warned Kaspersky about an ongoing malvertising campaign targeting people interested in downloading Claude Code.
Claude Code is a coding-focused AI assistant developed by Anthropic. It’s like a specialized version of the Claude GenAI chatbot, designed specifically to help software developers write, edit, and debug code, and is kind of similar to tools like GitHub Copilot or ChatGPT’s coding capabilities.
The article continues below
Infected with info thieves
According to Kaspersky, some people searching for “Claude Code download”, “OpenClaw download” and similar tools will have a malicious ad displayed at the very top of the search engine results page. Clicking on these ads leads to websites that look identical in almost every aspect to the authentic pages created by Anthropic and OpenAI.
To make matters worse, installing Claude Code is not the same as installing an app or program. It requires copying and pasting code into the Windows Command Prompt or macOS Terminal, making the compromise even harder to spot.
Those who do not detect it and try to install these fake assistants will get a different version of an infostealer depending on which operating system they are running. Those on Windows end up with Amatera, an information-stealing malware that collects data from user folders, web browsers and cryptocurrency wallets. Kaspersky said it previously observed Amatera in campaigns using the ClickFix distribution technique and operated under a Malware-as-a-Service (MaaS) model.
On the other hand, macOS users will be infected with the infamous AMOS, a known macOS-oriented infostealer that has been used in countless campaigns against Apple users in the past.
“The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts, but also by professional developers working in large organizations,” said Kaspersky cybersecurity expert Vladimir Gursky.
“If infected, victims can unwittingly expose source code from active projects, confidential company data, authentication information, and private accounts. This makes such campaigns particularly dangerous for companies whose developers rely on AI-assisted coding tools.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
