- Trend Micro found criminals abusing Claude’s “Shared Chats” feature to spread infostealers via ClickFix and malvertising
- Fake Apple Support chats on claude.ai, promoted through Google Ads, tricked macOS developers into pasting malicious commands
- Anthropic banned the accounts and disabled malicious conversations, promising further abuse mitigations
Security researchers Trend Micro have detected criminals abusing a legitimate feature in Claude AI to trick software developers into downloading malware. The campaign also includes malvertising, as well as the tried-and-true ClickFix method.
The goal of the campaign is to infect software developers – primarily those building AI tools on macOS environment – with infostealers.
Targets from Russian-speaking countries are spared, it seems, while the majority of the victims are located in Taiwan (30% of all traffic). This country is followed by Japan, Singapore, and the US.
Scam accounts banned
At the center of the attack is a feature called “Shared Claude Chats”, which allows users to create clickable links of previous conversations they’ve had with the AI. These chats can then be shared with other people via a public URL. Crooks created conversations showing fake Apple Support instructing the user how to install Claude Code (a command-line coding assistant).
However, the instructions are nothing but the standard ClickFix scam – they tell the user to bring up the Terminal and paste a command, which triggers a chain reaction resulting in an infostealer infection.
The second step is to advertise these URLs to the right target audience, which was being done via Google Ads. The miscreants were able to buy ads on Google’s network and set them up so that anyone searching for “Claude Code on Mac” (or similar keywords) would be shown these URLs as the first result.
Since the sites are hosted on the claude.ai domain, there was nothing seemingly suspicious about the links.
Trend Micro is not the first company to warn about this campaign. In mid-May this year, security researcher Berk Albayrak posted a new warning on LinkedIn, detailing almost an identical campaign. Same approach, same targets and most importantly – same exclusions.
The researchers are saying Anthropic investigated and banned the accounts responsible and disabled the malicious shared conversations. The AI company is allegedly “implementing additional abuse mitigations”.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-2560-80.jpg
Source link
