PULSE NAME
IOC - Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
WHITE celestre 2026-05-20 Modified: 2026-05-20
14 IOCs | MEDIUM VOLUME
Claude has been in the news for quite some time, and cybercriminals are capitalizing on that, anticipating that people will search for tools and downloads related to this LLM. To exploit this interest, they bought a convincing sponsored result that appears above the legitimate search results and redirects victims to a fake documentation page that looks much like the real one.
Indicators of Compromise (14)