A new malware campaign is targeting developers attempting to install popular artificial intelligence (AI) tools such as Claude Code and OpenClaw, according to a report by Kaspersky Threat Research.
The cybersecurity firm said attackers are using sponsored advertisements on search engines to redirect users to malicious websites that closely mimic official installation pages.
Fake sites mimic official documentation
Kaspersky noted that when users search for “Claude Code download”, sponsored ads appear at the top of results. One such ad leads to a fake webpage designed to replicate the tool’s official documentation.
Hosted on the website-building platform Squarespace, the page appears identical to the legitimate version, making it difficult for users to detect the fraud.
As a result, users may unknowingly execute malicious commands while attempting to install the tool.
Malware targets sensitive data
Instead of installing the intended software, the commands deploy information-stealing malware on the victim’s system.
On Windows devices, the malware, identified as Amatera, collects data from user directories, web browsers and cryptocurrency wallets, and transmits it to remote servers. The malware has previously been linked to campaigns using the ClickFix distribution method and operates under a malware-as-a-service model.
On macOS systems, attackers deploy AMOS, another infostealer known to target Apple devices.
Risks for developers and enterprises
“The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts but also by professional developers working in large organizations,” said Vladimir Gursky, cybersecurity expert at Kaspersky.
He added that infected systems could expose source code, corporate data, authentication credentials and private accounts, making the threat particularly severe for businesses.
Wider campaign detected
Kaspersky researchers also identified similar campaigns targeting other AI tools, including OpenClaw and Doubao.
Attackers have registered multiple domains and distributed malware disguised as legitimate downloads, using consistent tactics across platforms.
The report highlights growing cybersecurity risks associated with the rapid adoption of AI tools, particularly among developers who rely on external downloads and online documentation.