Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
A malvertising campaign impersonated popular AI developer tools using Google Ads and abused the claude.ai shared chat feature to deliver the MacSync infostealer malware. Over seven weeks in 2026, attackers deployed over 100 malicious hostnames, initially using GitLab pages before shifting to claude.ai's shared chat. The campaign targeted technically skilled users, tricking them into running terminal commands that installed malware stealing browser data, SSH keys, and cryptocurrency wallets. The Asia-Pacific region, especially Taiwan, was heavily impacted. Anthropic responded by banning malicious accounts and adding abuse mitigations.
AI Analysis
Technical Summary
Cybercriminals conducted a sophisticated malvertising operation from April to June 2026, leveraging Google Ads to impersonate AI developer tools such as Claude AI and ChatGPT Codex. They deployed 106 unique malicious hostnames in six waves, initially hosting social engineering ClickFix pages on GitLab infrastructure before exploiting the legitimate shared chat feature of claude.ai to deliver malicious commands. The campaign targeted technically proficient users searching for AI development tools, tricking them into executing terminal commands that installed the MacSync infostealer. This malware harvested sensitive credentials including browser data, SSH keys, and cryptocurrency wallets. The Asia-Pacific region bore the brunt of the attacks, with 67.2% of over 2,000 victims located there, particularly in Taiwan. Anthropic mitigated the threat by banning malicious accounts and implementing additional abuse protections.
Potential Impact
The campaign resulted in credential theft including browser data, SSH keys, and cryptocurrency wallets from over 2,000 victims, primarily in the Asia-Pacific region. The use of legitimate claude.ai shared chat for malicious command delivery represents abuse of a trusted platform feature. The stolen credentials could lead to further compromise of victim systems and accounts.
Mitigation Recommendations
Anthropic has banned malicious accounts involved in the campaign and implemented additional abuse mitigations on the claude.ai platform. Users should avoid executing untrusted terminal commands, especially those received via chat or impersonated AI tools. Monitor for suspicious domains and URLs associated with this campaign. Patch status is not applicable as this is an abuse of platform features rather than a software vulnerability. Check vendor advisories for updates on abuse prevention.
Affected Countries
British Indian Ocean Territory, France, Hong Kong, India, Italy, Japan, Malaysia, Singapore, Taiwan
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.trendmicro.com/en_us/research/26/f/claudeai-shared-chat-abused-in-malvertising.html
- Adversary: null
- Pulse Id: 6a33c3eeab85c6e12893a90e
- Threat Score: null
Threat ID: 6a345308f198dc38c17d1120
Added to database: 6/18/2026, 8:20:24 PM
Last enriched: 6/18/2026, 8:35:20 PM
Last updated: 6/18/2026, 11:56:55 PM