← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
WHITE celestre 2026-05-20 Modified: 2026-05-20
14
IOCs
MEDIUM VOLUME
Claude has been in the news for quite some time, and cybercriminals are capitalizing by anticipating people will be searching for tools and downloads related to this LLM. To exploit this interest, they bought a convincing sponsored result that shows up above legitimate search results, redirecting victims to a fake documentation page that looks much like the real one.
Indicators of Compromise (3 / 14 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 baa0a97022a5f87dac0c0077a2fc3d34a7e5588e SHA1 of 3b4d3a59024f14cf1f07395afd6957be05d125e00ae8fdcea3a5dee1d8ab9dd3 2026-05-20
FileHash-SHA1 f8a2fb31dfadd1130b0470854cc055e72351fe3c SHA1 of 79cd21185c51a5bfe2cfebdc51e14b258d91549fc0e4e09b6939c2a8a1c5ac19 2026-05-20
FileHash-SHA1 fa38c257d697f7b4d6a433fe95ad5e5732ae3563 SHA1 of 762fb099115d1917b6f673cc5c74a4b61962a64d640673aaf02566ca6a3dbfa4 2026-05-20
References (1)
↗ https://www.bitdefender.com/en-us/blog/labs/fake-claude-code-google-ads-malware