Fake Claude Code Installers on Google Sites Steal Credentials via ClickFix Attack
By Tushar Subhra Dutta
Summary
Cybercriminals are exploiting the popularity of AI developer tools like Claude Code and OpenAI Codex by hosting fake installer pages on trusted Google Sites infrastructure. The campaign uses a ClickFix technique, tricking victims into running commands that appear to be part of a legitimate setup process but instead steal credentials and sensitive personal data from their devices. No traditional file download occurs, making the attack harder to detect.
Source
Fake Claude Code Installers on Google Sites Steal Credentials via ClickFix Attack (cybersecuritynews.com)
Key quotes
Cybercriminals have found a new and clever way to exploit the growing popularity of AI developer tools.
A recently identified campaign uses fake pages mimicking Claude Code and OpenAI Codex, hosted on trusted Google Sites infrastructure, to trick users into running commands that quietly steal their credentials and other sensitive personal data from their devices.
The attack follows a technique known as ClickFix, where victims are shown what looks like a legitimate setup page and told to execute a short command.
There is no file downloaded in the traditional sense.