Bybit’s Security Operations Center has uncovered a sophisticated macOS malware campaign targeting developers searching for Claude Code, an AI-powered coding tool from Anthropic, highlighting a growing intersection between AI adoption and crypto-focused cyber threats. The attack uses search engine manipulation to trick users into downloading malicious software that can steal credentials, access crypto wallets, and establish persistent control over infected systems.
Attackers are exploiting the popularity of Claude Code by pushing malicious links to the top of search results through SEO poisoning. Victims searching for the tool are redirected to fake websites designed to mimic official documentation, where they unknowingly download infected files. The attack chain is multi-stage and begins with a disguised installer that deploys malware immediately after execution.
Once installed, the malware acts as an infostealer, extracting a wide range of sensitive data from the victim’s system.
This includes:
Bybit researchers identified attempts to access hundreds of crypto wallet extensions, showing that digital assets are a primary target of the campaign.
Beyond data theft, the malware deploys a secondary backdoor written in C++, allowing attackers to maintain long-term access to compromised devices.
The system includes:
This turns infected machines into ongoing access points rather than one-time targets.
This campaign reflects a broader trend where cybercriminals are targeting developers through AI tools and platforms. As tools like Claude Code gain adoption, attackers are exploiting trust in these systems to distribute malware more effectively. The strategy is simple but effective. Instead of hacking systems directly, attackers trick users into installing compromised tools themselves.
NFT platform Candy Digital has announced plans to migrate its digital collectibles ecosystem to the Solana blockchain, signaling…
The U.S. military has confirmed it is actively running a Bitcoin node as part of national security research, while…
The Web3 gaming sector is facing a harsh reality check as new data reveals that more…
Justin Sun, founder of TRON, has filed a federal lawsuit against World Liberty Financial, a crypto venture…
Tether has frozen approximately $344 million in USDT on the Tron blockchain after the wallets were flagged by U.S. authorities, marking…
Prediction market platform Kalshi has fined and suspended three U.S. congressional candidates after determining they engaged in “political…