www.darkreading.com 3/9/2026, 9:33:56 PM · via preferred

Fake Claude Code install pages lure via Google malvertising

CyberSIXT Evidence Panel
Threat Actor
Amatera Stealer

A new variation of the ClickFix technique is being used to spread fake Claude Code install pages, blending malvertising with social engineering to capitalise on AI coding tools.

Researchers at Push Security discovered that the campaign distributes cloned Claude Code installation pages exclusively through Google-sponsored links for queries such as “Claude Code,” “Claude Code install,” and “Claude Code CLI.” The clones are near-identical to the real pages, and when victims copy the malicious install commands from them, the Amatera Stealer malware is deployed to swipe credentials and access enterprise development environments.

According to Push Security, malicious Google ads are an effective delivery mechanism because they bypass many email security scans, and attackers exploit sponsored results to target a broader, less security-conscious user base. Louw notes that hundreds of new Claude Code account creations are being seen across customers, suggesting attackers are targeting a mainstream AI tool already in use.

March 9, 2026.

Article by CyberSIXT
