InstallFix Attacks Distributing Amatera Infostealer via Fake Claude Code Installation Guides
Threat actors are using fake Claude Code installation guides promoted through Google Ads to trick users into running malicious commands that download the Amatera infostealer.
Indicators of Compromise (44)