Categories: Tech

Bybit Uncovers macOS Malware Campaign Targeting Claude Code Developers and Crypto Wallets

Bybit’s Security Operations Center has uncovered a sophisticated macOS malware campaign targeting developers searching for Claude Code, an AI-powered coding tool from Anthropic, highlighting a growing intersection between AI adoption and crypto-focused cyber threats. The attack uses search engine manipulation to trick users into downloading malicious software that can steal credentials, access crypto wallets, and establish persistent control over infected systems. 


Fake Claude Code Downloads Used to Infect Developers

Attackers are exploiting the popularity of Claude Code by pushing malicious links to the top of search results through SEO poisoning. Victims searching for the tool are redirected to fake websites designed to mimic official documentation, where they unknowingly download infected files.  The attack chain is multi-stage and begins with a disguised installer that deploys malware immediately after execution.


Malware Targets Crypto Wallets and Sensitive Data

Once installed, the malware acts as an infostealer, extracting a wide range of sensitive data from the victim’s system.

This includes:

  • Browser credentials and saved passwords
  • macOS Keychain data
  • Telegram sessions and VPN profiles
  • Crypto wallet data and private keys

Bybit researchers identified attempts to access hundreds of crypto wallet extensions, showing that digital assets are a primary target of the campaign.


Advanced Backdoor Enables Persistent System Control

Beyond data theft, the malware deploys a secondary backdoor written in C++, allowing attackers to maintain long-term access to compromised devices.

The system includes:

  • Encrypted communication with remote servers
  • Sandbox detection to evade security tools
  • Persistent system agents to survive reboots

This turns infected machines into ongoing access points rather than one-time targets.


AI Tools Become a New Attack Surface

This campaign reflects a broader trend where cybercriminals are targeting developers through AI tools and platforms. As tools like Claude Code gain adoption, attackers are exploiting trust in these systems to distribute malware more effectively. The strategy is simple but effective. Instead of hacking systems directly, attackers trick users into installing compromised tools themselves.

Terron Gold

Recent Posts

SWIFT Launches Blockchain Ledger Pilot With 17 Banks for Tokenized Deposits

SWIFT has launched a new blockchain-based ledger pilot with 17 major banks to test how tokenized deposits can move across…

6 days ago

Sony Bank Wins U.S. Approval to Launch Dollar Stablecoin Trust Bank

Sony Bank, the banking arm of Sony Financial Group, has received conditional approval from the Office of the Comptroller…

6 days ago

PayPal USD Launches Natively on Polygon to Expand Global Stablecoin Payments

PayPal has expanded its stablecoin strategy by launching PayPal USD (PYUSD) natively on the Polygon blockchain, giving businesses direct access…

7 days ago

BONK Faces $20 Million Treasury Attack After Malicious Governance Proposal Passes

BONK, one of Solana's most recognizable memecoins, is facing a major governance crisis after an…

1 week ago

World Leaves Solana for Robinhood Chain in Major Bet on Tokenized Finance

World, the blockchain ecosystem co-founded by Sam Altman, is shifting its prediction market infrastructure from Solana to the…

1 week ago

BNB Chain Unveils New Layer 1 Built for AI Agent Trading, Targets 2027 Mainnet Launch

BNB Chain has revealed plans to build a brand-new Layer 1 blockchain specifically designed for the next generation…

1 week ago