A recently identified social engineering technique is leveraging the widespread adoption of AI coding assistants to introduce unauthorized code into developer environments. Researchers at Push Security observed a threat campaign using deceptive Google-sponsored links to distribute cloned installation pages for Anthropic's Claude Code and other command-line interface (CLI) tools.
The technique, categorized by researchers as "InstallFix," capitalizes on standard developer workflows. The cloned web pages closely mirror legitimate documentation, matching the layout and domain structure as closely as possible. However, the provided command-line installation instructions are modified. When affected users copy and paste these commands into their terminal, they inadvertently initiate an execution sequence that deploys the Amatera Stealer, an information-stealing program designed to capture development credentials and session tokens.
The mechanics of deceptive installation
Jacques Louw, co-founder and chief product officer at Push Security, noted that this campaign highlights a broader industry reliance on simplified "curl-to-bash" installation methods. The practice of pasting a one-line command to pipe a remote script directly into a shell requires the user to implicitly trust the hosting domain.
While there is nothing strictly new about running unauthorized scripts, the delivery mechanism has evolved. Malicious actors distribute these deceptive pages primarily through search engine advertising rather than traditional email channels. This approach bypasses standard email security gateways. Because sponsored links often appear above organic search results, users seeking to quickly install a tool may navigate to a lookalike domain without scrutinizing the URL.
The technical execution flow is highly methodical. Once the user pastes the deceptive command, the system typically uses cmd.exe to spawn mshta.exe, which then retrieves and executes unauthorized scripts from a remote server. The macOS variants use similar staged execution layers. To blend in with normal traffic and complicate network filtering, the infrastructure behind these campaigns frequently utilizes domains from legitimate providers such as Cloudflare Pages, Tencent EdgeOne, and Squarespace.
Evolution from user-assisted errors
InstallFix represents a targeted evolution of a broader category of social engineering tactics known as "ClickFix." ClickFix techniques traditionally trick users into executing code by presenting them with fabricated issues that urgently require resolution.
Recent intelligence shows unauthorized actors using variations of this method across multiple sectors. Observed campaigns have included deceptive hotel booking lures delivering remote access tools under the guise of fake Blue Screen of Death (BSOD) errors. In more complex scenarios, threat actors have used manipulated AI-generated text summaries to hide malicious Windows Run commands, and even deployed deepfake video calls to manipulate cryptocurrency professionals into executing compromised troubleshooting scripts.
InstallFix bypasses the need to fabricate an error. Instead, it relies on the user's authentic intent to install legitimate software, making it particularly effective against both experienced engineers and newer developers adopting mainstream AI tools.
Protecting engineering environments
Because threat actors continually register new domains across legitimate hosting providers, relying solely on static indicators of compromise (IoCs) or domain blocklists offers limited protection against these fast-moving campaigns.
To safeguard enterprise development environments, security teams should work alongside their engineering counterparts to establish secure software provisioning practices. Organizations should implement endpoint monitoring configured to detect anomalous shell execution patterns—such as mshta.exe initiating unexpected network connections or cmd.exe executing highly obfuscated strings.
Furthermore, as AI tools bring more non-technical users into CLI environments, organizations should provide clear guidance on verifying official repository URLs and emphasize the importance of reading command syntax before pressing enter in a system terminal.