Attackers are using a new social engineering technique called "InstallFix" to trick users into running malicious commands by cloning legitimate software installation pages, such as for Anthropic's Claude Code CLI tool. The fake pages, promoted via malicious Google Ads, deliver the Amatera Stealer malware, which steals sensitive data like credentials and cryptocurrency wallets. The attacks exploit trust in domains and are hosted on legitimate platforms, making them evasive. The main topics covered are the new InstallFix attack method, the distribution via malvertising, and the details of the Amatera Stealer payload.
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools.
The new trick exploits the common practice among developers these days of downloading and executing scripts through 'curl-to-bash' commands from online sources without close inspection of the assets first.
Researchers at Push Security, a browser threat detection and response company, found that attackers use the new InstallFix technique with cloned pages for poular CLI tools that serve malicious install commands.
Since the current security model "boils down to 'trust the domain'," and more non technical users are now working with tools previously resserved for developers, InstallFix may become a larger threat, the researchers say.
In a report today, Push Security highlights a cloned installation page for Claude Code, Anthropic’s CLI coding assistant, that features the same layout, branding, and documentation sidebar as the legitimate source.
The difference is in the installation instructions for macOS and Windows (PowerShell and Command Prompt), which deliver malware from an attacker-controlled endpoint.
The researchers say that apart from the installation instructions, all links on the fake page redirect to the legitimate Anthropic site.
“So a victim that lands on the page and follows the fake instructions could continue normally without realizing anything had gone wrong,” Push Security notes in the report.
The attackers promote these pages through malvertising campaigns on Google Ads, causing malicious ads to appear in search results for queries such as “Claude Code install” and “Claude Code CLI.”
BleepingComputer could confirm that the malicious websites are still bieing promoted through Google sponsored search results. When looking for the query "install claude code," the first result was a Squarespace URL (claude-code-cmd.squarespace[.]com) pointing to a perfect clone of the official Claude Code documentation.
Amatera infections
Based on Push Security's analysis, the payload delivered through these InstallFix attacks is the Amatera Stealer, a piece of malware designed to steal sensitive data (cryptocurrency wallets, credentials) from compromised systems.
The malicious InstallFix commands for macOS contain base64-encoded instructions for downloading and executing a binary from a domain controlled by the attacker. In one case, BleepingComputer found that the threat actor used the domain wriconsult[.]com, which is currently down.
For Windows users, the malicious command uses the legitimate utility ‘mshta.exe’ to retrieve the malware and triggers additional processes like ‘conhost.exe’ to support the execution of the final payload, Amatera information stealer.
Amatera is a fairly new malware family, believed to be based on the ACR Stealer, sold as a subscription service (MaaS) to cybercriminals.
It was recently observed distributed in separate ClickFix attacks that abused Windows App-V scripts for payload delivery. It can steal passwords, cookies, and session tokens stored in web browsers and collect system information while evading detection by security tools.
Push Security reports that the attacks are particularly evasive, also because the malicious sites are hosted on legitimate platforms such as Cloudflare Pages, Squarespace, and Tencent EdgeOne.
Users looking for Claude Code must ensure they get installation instructions from official websites, block or skip all promoted Google Search results, and bookmark software download portals for tools they need to re-download frequently.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Meridiano
