Security researchers from Push Security have identified a new attack technique called InstallFix, where attackers distribute fake installation guides for developer tools through malicious search ads. The campaign involves cloning legitimate websites and replacing install commands with malicious ones that deliver malware. In recent cases, attackers targeted tools like Claude Code from Anthropic. Victims searching for installation instructions are directed to near-identical copies of official pages, often via sponsored results on search engines.
The attack exploits a common developer practice: copying and running one-line install commands such as “curl to bash,” which fetch and execute scripts directly in a terminal. While widely used by tools like Homebrew and other package managers, this method relies heavily on trusting the source domain. In the InstallFix campaign, attackers modify the command so it downloads a malicious script instead of the legitimate installer. Once executed, the malware is installed without obvious warning, as the process appears identical to a normal setup.
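As an added example (not code from Push Security or from the article), the POSIX shell helper below applies the mitigation the "curl to bash" paragraph implies: treat a copied install line as untrusted until its download host is on a local allowlist, flag the pipe-to-shell pattern, and replace `curl URL | bash` with download-to-file, pinned-hash check, then run. The allowlisted hosts, the sample commands (including the `.example` domains) and the pinned hash are constructed for illustration; a real installer's hash must come from the vendor's official documentation, not from the page that shows the command.

```shell
#!/bin/sh
# Added example: helpers for checking a "curl | bash" install line before it runs.
# TRUSTED_HOSTS and the sample commands below are constructed values for this
# illustration, not values from the Push Security research.

# Hosts the operator has decided to trust for install scripts (assumed values).
TRUSTED_HOSTS="raw.githubusercontent.com brew.sh"

# Print the host of the first http(s) URL in a command string (nothing if none).
url_host() {
    pat="https?://[^/[:space:]|\"']+"
    printf '%s\n' "$1" \
      | grep -oE "$pat" \
      | head -n 1 \
      | sed -E 's#^https?://##; s#^[^@]*@##; s#:[0-9]+$##'
}

# Return 0 if the host is allowlisted, 1 otherwise.
host_trusted() {
    for h in $TRUSTED_HOSTS; do
        [ "$1" = "$h" ] && return 0
    done
    return 1
}

# Classify an install command as one of:
#   no-url, untrusted-host, untrusted-pipe-to-shell, trusted, trusted-pipe-to-shell
# "pipe-to-shell" is the curl|bash pattern: the script runs without ever being
# written to disk or read, so a swapped URL is executed unseen.
classify_install_cmd() {
    cmd="$1"
    host=$(url_host "$cmd")
    if [ -z "$host" ]; then
        echo "no-url"
        return 0
    fi
    piped=0
    if printf '%s\n' "$cmd" \
       | grep -qE '\|[[:space:]]*(sudo[[:space:]]+)?(bash|zsh|sh)([[:space:]]|$)'; then
        piped=1
    fi
    if host_trusted "$host"; then
        if [ "$piped" -eq 1 ]; then echo "trusted-pipe-to-shell"; else echo "trusted"; fi
    else
        if [ "$piped" -eq 1 ]; then echo "untrusted-pipe-to-shell"; else echo "untrusted-host"; fi
    fi
}

# SHA-256 of a file (coreutils sha256sum, or shasum on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if FILE's SHA-256 equals EXPECTED (case-insensitive), else 1.
verify_checksum() {
    actual=$(sha256_of "$1" | tr 'A-Z' 'a-z')
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Safer replacement for "curl URL | bash": refuse unknown hosts, download to a
# file, verify the pinned hash, and only then execute. On mismatch the file is
# kept so the operator can inspect what the page actually served.
safe_install() {
    url="$1"; pinned="$2"
    host=$(url_host "$url")
    if ! host_trusted "$host"; then
        echo "refusing: '$host' is not an allowlisted install host" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    curl -fsSL "$url" -o "$tmp" || { rm -f "$tmp"; return 1; }
    if ! verify_checksum "$tmp" "$pinned"; then
        echo "refusing: checksum mismatch for $url (script kept at $tmp)" >&2
        return 1
    fi
    sh "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo over constructed install lines (no network access needed).
for c in \
  'curl -fsSL https://raw.githubusercontent.com/vendor/tool/main/install.sh | bash' \
  'curl -s https://claude-code-install.example/setup.sh | sudo bash' \
  'curl -O https://downloads.example/installer.sh' \
  'npm install -g some-tool'; do
    printf '%-24s %s\n' "$(classify_install_cmd "$c")" "$c"
done
```

`safe_install` still needs the network and a hash you obtained out-of-band, which is the point: a cloned page can swap the URL, but it cannot make a swapped script match a hash you pinned from the vendor's own channel.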
Researchers found that the malicious payload in several cases matched the behavior of Amatera, a relatively new infostealer malware. This type of software is designed to extract sensitive data, including saved passwords, browser cookies, and system information. The attack chain typically involves multiple stages, using system processes to retrieve and execute additional code from remote servers. By leveraging legitimate infrastructure and obfuscation techniques, the malware can evade traditional security tools.
Deceptive Delivery Model
Unlike traditional phishing attacks, InstallFix does not rely on emails or fake alerts to lure victims. Instead, it targets users who are actively searching for legitimate software. Malicious pages are promoted through paid search ads, placing them above official results and increasing the likelihood of clicks. Because users initiate the interaction themselves, the attack bypasses many standard security filters.
The cloned pages are often indistinguishable from the original, with identical layouts, branding, and documentation. In some cases, users are even redirected to the real website after running the malicious command, reducing suspicion. This approach makes the attack particularly effective against both developers and less technical users adopting AI tools.
Expanding Attack Surface
The rise of AI tools and developer-friendly automation has expanded the potential victim pool for such attacks. As more users interact with command-line tools, including those without deep technical experience, risky practices like blindly executing install scripts become more common. Attackers are adapting by targeting popular and fast-growing tools, especially in the AI ecosystem.
The technique is part of a broader trend combining social engineering with infrastructure abuse. Attackers increasingly rely on legitimate hosting platforms and ad networks to distribute malicious content at scale. Security experts warn that defending against these threats requires changes in both user behavior and platform design, including better verification of install sources and stricter controls on ad distribution.