Infostealers are being disguised as Claude Code, OpenClaw and other AI developer tools
Date:
Wed, 18 Mar 2026 14:00:00 +0000
Description:
Be careful with search engine results, crooks are smuggling infostealers
again.
FULL STORY
Kaspersky warns of malvertising campaign abusing Claude Code
Fake download sites deliver Amatera infostealer on Windows, AMOS on macOS Developers risk exposing source code, corporate data, and credentials
Hackers are, once again, taking advantage of current trends to attack software developers with information-stealing malware.
Earlier this week, security researchers Kaspersky warned about an ongoing malvertising campaign targeting people interested in downloading Claude Code. Claude Code is a coding-focused AI assistant developed by Anthropic. It is
like a specialized version of the Claude GenAI chatbot , designed
specifically to help software developers write, edit, and debug code and, in
a sense, is similar to tools like GitHub Copilot, or ChatGPTs coding capabilities. Infected with infostealers -- According to
Kaspersky, some people searching for Claude Code download, OpenClaw download, and similar tools, will get a malicious ad shown in the very top of the
search engines results page. Clicking on those ads leads to websites that, in almost every aspect, look identical to the authentic pages set up by
Anthropic and OpenAI.
To make matters worse, installing Claude Code is not the same as installing
an app, or a program. It requires copying and pasting code in the Windows Command Prompt, or macOS Terminal, making the compromise even harder to spot.
Those that dont spot it, and try to install these fake assistants, will get a different version of an infostealer, depending on the operating system they
are running. Those on Windows will end up getting Amatera, an information-stealing malware that collects data from user directories, web browsers, and cryptocurrency wallets. Kaspersky said it has previously
observed Amatera in campaigns using the ClickFix distribution technique and
is operated under a Malware-as-a-Service (MaaS) model.
On the other hand, macOS users will be infected with the infamous AMOS, a
known macOS-oriented infostealer that has been used in countless campaigns against Apple users in the past.
The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts but also by professional developers working in large
organizations, said Kasperskys cybersecurity expert Vladimir Gursky.
If infected, victims may unknowingly expose source code from active projects, confidential corporate data, authentication credentials, and private
accounts. This makes such campaigns particularly dangerous for businesses
whose developers rely on AI-assisted coding tools.
Link to news story:
https://www.techradar.com/pro/security/infostealers-are-being-disguised-as-cla ude-code-openclaw-and-other-ai-developer-tools
$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/107)