← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Windows and macOS Malware Spreads via Fake Claude Code Google Ads
WHITE PetrP.73 2026-03-18 Modified: 2026-03-18
15
IOCs
MEDIUM VOLUME
Recent research has unveiled a malicious Google Ads campaign that impersonates "Claude Code," a language model developed by Anthropic, targeting both Windows and macOS users. The malicious advertisement redirects users to a fraudulent documentation page mimicking the official Claude Code resources, hosted on a Squarespace subdomain. The attackers leveraged a compromised advertiser account related to a Malaysian company to facilitate this campaign.
googleclaudeclaude codewindowsbitdefenderclickfixmacho binaryhta filemsilgoogle adsdownloadpowershellnevercodeamosmacos
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (3 / 15 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 4448b88c81e4bdaf9e73942c1c237492 MD5 of 762fb099115d1917b6f673cc5c74a4b61962a64d640673aaf02566ca6a3dbfa4 2026-03-18
FileHash-MD5 ae7244062d6eee802f33c15c363ec6a2 MD5 of 3b4d3a59024f14cf1f07395afd6957be05d125e00ae8fdcea3a5dee1d8ab9dd3 2026-03-18
FileHash-MD5 f2e4f83e998b320b43b4671192917a85 MD5 of 79cd21185c51a5bfe2cfebdc51e14b258d91549fc0e4e09b6939c2a8a1c5ac19 2026-03-18
References (1)
↗ https://www.bitdefender.com/en-us/blog/labs/fake-claude-code-google-ads-malware