← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
InstallFix Attacks Distributing Amatera Infostealer via Fake Claude Code Installation Guides
WHITE cryptocti 2026-03-10 Modified: 2026-03-10
44
IOCs
MEDIUM VOLUME
Threat actors are using fake Claude Code installation guides promoted through Google Ads to trick users into running malicious commands that download the Amatera infostealer.
Indicators of Compromise (8 / 44 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain URL hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 12609e847c88f2e88b54efdb81b5b154 MD5 of 4ee3b09dd9a787ebbb02a637f8af192a7e91d4b7af1515d8e5c21e1233f0f1c7 2026-03-10
FileHash-MD5 363846aab242c38bdfadb7634a335b34 MD5 of db7a1c352c7d1ac75e0ba31b71cf4b0e3304a22b8d0d636fa80b5d5095be1e00 2026-03-10
FileHash-MD5 3efebd8289652af8b3da8ff77acad36b MD5 of 468eed1131e4b562ae32ff2734d9feb37c9b8e2097df05431867279614c8502a 2026-03-10
FileHash-MD5 7b89c56c39a4567e62e234332c9abef5 MD5 of 6a3f0bf6739ee69012b4c2b61e43a2ce7c7d9ee145b4efe0395961e08e3beac7 2026-03-10
FileHash-MD5 bca333fb7d798065307200ea870d4982 MD5 of 299ae5afdf4338e1e5d68656c67719346277deae20d9d013079244302040db7e 2026-03-10
FileHash-MD5 be9e8803e294e7cd5f1a991774ea81b9 MD5 of 11f5c91d24c9d1eee16dacacfb9160e299544c1a854af92f79daf88364cea0b6 2026-03-10
FileHash-MD5 d35341798bd6ce066d3bea0a6acc18f3 MD5 of b420b96e0d76702f51ba0e3364da881aaf766e00538059e58fec6b7676a68e6c 2026-03-10
FileHash-MD5 d53dfcac2586131ab99383c6b8060f8a MD5 of 067d5dbbd24f988f0c945a08556dec3a1c789398ae46842038ea96a9b2384427 2026-03-10