A website impersonating Anthropic’s generative artificial intelligence (AI) service “Claude” has emerged, appearing at the top of Google search results and prompting heightened caution.
AhnLab said on April 22 it had discovered a phishing site that closely mimics the official “Claude” homepage and induces users to download malicious code.
The site features the phrase “Bring Claude to your Desktop” and provides download buttons for operating systems (OS) such as Windows and Mac.
When users click the download button corresponding to their OS, a pop-up window appears with installation instructions instead of an actual installation file.
The instructions explain that copying and pasting a specific command into the system will initiate the download.
However, executing this process installs malicious code. The malware transmits files on the computer, browser-stored information and cryptocurrency wallet data to a server controlled by attackers.
This method, which tricks users into executing malicious commands through fake instructions or error pop-ups using a “copy and paste” approach, is known as the “ClickFix” technique.
The company explained that when searching terms such as “Claude app” or “Claude desktop” on Google, the phishing site appeared at the top of the results.
It advised users to verify domain addresses regardless of search ranking, apply the latest security patches to internet browsers and enable real-time monitoring features in antivirus software.
AhnLab said, “Attackers are believed to have manipulated exposure rankings by using Google search advertising services to lure users,” adding, “Attacks exploiting trust in top search results are continuously being identified.”
AhnLab provides the latest threat intelligence, including this case, through its next-generation threat intelligence platform, AhnLab TIP.
