Stages of the infection chain | Image: TrendMicro
A sophisticated new campaign, dubbed InstallFix, is currently targeting professionals searching for Anthropic’s Claude AI tools. By leveraging high-ranking Google Ads, attackers are intercepting legitimate searches and leading victims through a meticulously crafted five-stage infection chain designed to bypass modern security controls.
The attack begins when a user searches for terms like “Claude Code install”. Attackers purchase sponsored search results that appear at the very top of Google Search, often appearing more legitimate than organic results.
As the report notes: “The user assumed the site was legitimate because it was promoted through Google Ads.”
These fraudulent landing pages use the “ClickFix” social engineering pattern. Instead of a standard download button, users are instructed to copy and paste a “quick install” command into PowerShell (Windows) or Terminal (macOS). This mimics the modern “curl-to-bash” installation style common among developers, making the trap highly effective for both technical and non-technical staff.
The InstallFix campaign is characterized by its “alarming sophistication” and use of fileless techniques to stay under the radar.
The user executes an OS-specific command from the fake site, which triggers the machine to fetch a remote payload.
The machine downloads a file named claude.msixbundle. While it looks like a valid app package, it is actually a ZIP/HTA polyglot. It contains legitimate Microsoft Bing packages to maintain an appearance of authenticity, but it has a malicious HTA (HTML Application) payload appended to the end of the file.
The machine’s mshta.exe binary executes the appended VBScript silently. To ensure the user suspects nothing, the malware calls resizeTo(0,0), effectively hiding the window from view.
The VBScript launches a heavily obfuscated PowerShell stager. This stage is critical for evasion:
- AMSI Bypass: It patches the Antimalware Scan Interface (AMSI) in memory, blinding local antivirus for the rest of the session.
- SSL Bypass: It disables SSL certificate validation to communicate freely with attacker-controlled servers.
- Victim Fingerprinting: It generates a unique 16-character token based on the machine’s name and username.
The malware contacts a unique subdomain (e.g., [token].oakenfjrod.ru) to download the final payload directly into memory.
Evidence suggests the InstallFix campaign is a delivery mechanism for variants of the RedLine Stealer.
Once the infection is complete, the malware performs the following:
- Credential Harvesting: It scans for login data and cookies across multiple browsers.
- Crypto Theft: It specifically targets e-wallet applications like MyMonero, Exodus, and various browser-based crypto extensions.
- Persistence: The malware creates scheduled tasks (e.g., “FilelessCleanup”) to ensure it remains active even after a system reboot or user logout.
This is not a localized threat. Telemetry has confirmed targets across the Americas, Europe, and the AMEA regions, specifically hitting industries such as Government, Education, Electronics, and Food and Beverage.
The InstallFix campaign represents a dangerous evolution in social engineering, “weaponizing trust in legitimate AI platforms to deliver state-linked espionage malware”.
For security teams, the report emphasizes that layered defense is critical. Monitoring for mshta.exe spawning shells or outbound connections to suspicious domains like oakenfjrod.ru can help catch the infection in its early stages. Ultimately, organizations must educate users that legitimate software, especially from major AI providers like Anthropic, should only be obtained through official, verified domains, never via “copy-paste” commands from a sponsored search result.
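As an added example (not code from the article or from the TrendMicro report), the script below applies the indicators named in this write-up to Sysmon/EDR-style process and network events: mshta.exe spawning a shell, mshta.exe handed a .msixbundle, the FilelessCleanup scheduled task, and any subdomain of oakenfjrod.ru. The event field names and the sample telemetry are assumptions constructed here, not real logs.

```python
import re
from typing import Iterable

# Indicators taken from the report summarized above.
C2_DOMAIN_RE = re.compile(r"(^|\.)oakenfjrod\.ru$", re.IGNORECASE)
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
TASK_NAME = "filelesscleanup"

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def check_event(ev: dict) -> list[str]:
    """Return the detection names that fire on one normalized event.
    Assumed event shape: 'type' ('process' or 'network'), 'image',
    'parent_image', 'cmdline', 'dest_host' (Sysmon/EDR-style fields)."""
    hits = []
    if ev.get("type") == "process":
        img, parent = basename(ev.get("image", "")), basename(ev.get("parent_image", ""))
        cmd = ev.get("cmdline", "").lower()
        if parent == "mshta.exe" and img in SHELLS:       # HTA stage launching the stager
            hits.append("mshta_spawned_shell")
        if img == "mshta.exe" and ".msixbundle" in cmd:   # ZIP/HTA polyglot run by mshta
            hits.append("mshta_msixbundle_polyglot")
        if img == "schtasks.exe" and "/create" in cmd and TASK_NAME in cmd:  # persistence
            hits.append("scheduled_task_filelesscleanup")
    elif ev.get("type") == "network":
        if C2_DOMAIN_RE.search(ev.get("dest_host", "")):  # per-victim [token].oakenfjrod.ru
            hits.append("c2_oakenfjrod_ru")
    return hits

def scan(events: Iterable[dict]) -> list[tuple[int, str]]:
    """Run every event through check_event and return (index, detection) pairs."""
    return [(i, h) for i, ev in enumerate(events) for h in check_event(ev)]

# Constructed sample telemetry (not real logs); paths and token are placeholders.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"mshta.exe C:\Users\u\Downloads\claude.msixbundle"},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\mshta.exe", "cmdline": "powershell.exe -w hidden"},
    {"type": "network", "dest_host": "a1b2c3d4e5f6a7b8.oakenfjrod.ru"},
    {"type": "process", "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "schtasks.exe /create /tn FilelessCleanup /sc onlogon /tr placeholder"},
    {"type": "network", "dest_host": "www.anthropic.com"},
    {"type": "process", "image": r"C:\Windows\explorer.exe", "parent_image": "", "cmdline": "explorer.exe"},
]

if __name__ == "__main__":
    for idx, name in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {name}")
```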