Windows and macOS Malware Spreads via Fake Claude Code Google Ads
WHITE PetrP.73 2026-03-18 Modified: 2026-03-18
Recent research has unveiled a malicious Google Ads campaign that impersonates "Claude Code," a language model developed by Anthropic, targeting both Windows and macOS users. The malicious advertisement redirects users to a fraudulent documentation page mimicking the official Claude Code resources, hosted on a Squarespace subdomain. The attackers leveraged a compromised advertiser account related to a Malaysian company to facilitate this campaign.
Indicators of Compromise (15)