Fake Claude Code install guides push infostealers in InstallFix attacks
Summary
Attackers are using InstallFix, a social engineering technique, to distribute the Amatera Stealer malware through fake installation pages for Claude Code that closely mimic the legitimate site. These cloned pages contain malicious install commands designed to trick users into running code that downloads the malware, and they are promoted through malvertising: fake ads placed in search results via Google Ads.
Solution / Mitigation
Users looking for Claude Code must ensure they get installation instructions from official websites, block or skip all promoted Google Search results, and bookmark software download portals.
Original source: https://www.bleepingcomputer.com/news/security/fake-claude-code-install-guides-push-infostealers-in-installfix-attacks/
First tracked: March 6, 2026 at 11:00 AM
Classified by LLM (prompt v3) · confidence: 92%