A new threat campaign is highlighting how attackers are exploiting developer behavior, as the Claude Code malware campaign targets macOS users searching for AI development tools.
Bybit disclosed findings from its Security Operations Center detailing a multi-stage attack that uses search engine manipulation to lure victims. The campaign specifically targets users searching for “Claude Code,” an AI development tool from Anthropic, redirecting them to spoofed installation pages designed to mimic legitimate documentation.
First identified in March 2026, the attack begins with search engine optimization (SEO) poisoning, allowing malicious domains to rank prominently in search results. Once users click through, they are presented with a convincing fake download page that initiates a two-stage malware infection chain focused on credential theft and persistent system access.
The initial payload is delivered through a Mach-O dropper that deploys an infostealer using osascript. Researchers observed behavior similar to known macOS threats such as AMOS and Banshee, with the malware extracting sensitive data including browser credentials, macOS Keychain entries, messaging sessions, VPN configurations, and cryptocurrency wallet information. The campaign specifically attempts to access more than 250 browser-based wallet extensions along with multiple desktop wallet applications.
A second-stage payload introduces a more advanced backdoor written in C++. This component includes sandbox evasion techniques and encrypted runtime configurations, enabling it to remain hidden while maintaining long-term access. It establishes persistence through system-level agents and communicates with attacker infrastructure using HTTP-based polling, allowing remote command execution on compromised devices.
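The persistence and polling behavior described above lends itself to a host-side triage check. The following Python script is an added example, not Bybit's tooling or anything published with the report: it parses launchd property lists (the mechanism by which macOS agents and daemons are registered) and flags entries showing the traits the paragraphs above describe, namely osascript or shell interpreters in the command line, programs or scripts run from cache, temp or hidden directories, a short StartInterval consistent with polling, and RunAtLoad combined with KeepAlive. The path patterns, token list and interval threshold are assumptions chosen for this example, and the two embedded plists are constructed samples, not artefacts from the campaign.

```python
"""Triage macOS launchd persistence entries for traits of the campaign described above.

Added example: heuristics, thresholds and sample plists are assumptions, not Bybit's rules.
"""
import plistlib
import re
from pathlib import Path

# launchd locations where a persistent agent or daemon would be registered.
LAUNCHD_DIRS = (
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
    Path.home() / "Library/LaunchAgents",
)

# Heuristics for this example (assumptions): programs or scripts under temp, cache,
# download or hidden directories, and interpreter/network tooling on the command line
# (osascript is the interpreter the report attributes to the infostealer stage).
UNTRUSTED_PATH_RE = re.compile(
    r"^(/tmp/|/private/tmp/|/var/folders/|/Users/[^/]+/(Library/Caches|Downloads|\.[^/]+)/)"
)
SUSPICIOUS_TOKENS = ("osascript", "curl ", "bash -c", "sh -c", "base64", "python")
MAX_POLL_SECONDS = 300  # a StartInterval at or below this looks like beacon-style polling


def triage_plist(data: bytes) -> list[str]:
    """Return reasons a launchd plist deserves analyst attention; an empty list means nothing flagged."""
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # malformed or non-plist content is itself worth a look
        return [f"unparseable plist: {exc}"]

    argv = [str(a) for a in plist.get("ProgramArguments", [])]
    program = plist.get("Program")
    command = " ".join(([str(program)] if program else []) + argv)
    reasons = []

    # 1. Any path on the command line that lives in an untrusted location.
    for word in command.split():
        if UNTRUSTED_PATH_RE.match(word):
            reasons.append(f"path in untrusted location: {word}")

    # 2. Interpreters or download tooling on the command line.
    for token in SUSPICIOUS_TOKENS:
        if token in command:
            reasons.append(f"command line contains '{token.strip()}'")

    # 3. Frequent scheduled execution, consistent with HTTP polling of a C2 server.
    interval = plist.get("StartInterval")
    if isinstance(interval, int) and 0 < interval <= MAX_POLL_SECONDS:
        reasons.append(f"short StartInterval ({interval}s) suggests polling")

    # 4. Starts at login/boot and is restarted by launchd if it exits.
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: starts at load and is restarted on exit")
    return reasons


def triage_directory(directory: Path) -> dict[str, list[str]]:
    """Triage every .plist in one launchd directory (for live use on a macOS host)."""
    findings: dict[str, list[str]] = {}
    if not directory.is_dir():
        return findings
    for path in sorted(directory.glob("*.plist")):
        reasons = triage_plist(path.read_bytes())
        if reasons:
            findings[str(path)] = reasons
    return findings


# Constructed sample plists so the script runs offline (not artefacts from the campaign).
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Example.app/Contents/MacOS/updater</string>
    <string>--check</string>
  </array>
  <key>StartInterval</key><integer>86400</integer>
</dict></plist>
"""

SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string>
    <string>-c</string>
    <string>osascript /Users/dev/Library/Caches/.helper/run.scpt</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
  <key>StartInterval</key><integer>60</integer>
</dict></plist>
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PLIST), ("suspicious", SUSPICIOUS_PLIST)):
        print(name, triage_plist(sample))
    for directory in LAUNCHD_DIRS:  # live scan; empty on non-macOS hosts
        for path, reasons in triage_directory(directory).items():
            print(path, reasons)
```

Run as-is, the script prints no findings for the benign sample and five for the suspicious one (untrusted path, osascript, `sh -c`, a 60-second interval and RunAtLoad with KeepAlive); on a macOS host it then walks the three launchd directories. Findings are leads for an analyst, not verdicts: legitimate vendor agents do use short intervals and KeepAlive, so the value is in reviewing what the flagged entry executes and from where.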
According to David Zong, Head of Group Risk Control and Security at Bybit, “As one of the first crypto exchanges to publicly document this type of malware campaign, we believe sharing these findings is critical to strengthening collective defense across the industry. Our AI-assisted SOC allows us to move from detection to full kill chain visibility within a single operational window. What used to require a team of analysts working across multiple shifts – decompilation, IOC extraction, report drafting, rule writing – was completed in a single session with AI handling the heavy lifting and our analysts providing judgment and validation. Looking to the future, we will face an AI war. Using AI to defend against AI is an inevitable trend. Bybit will further increase its investment in AI for security, achieving minute-level threat detection and automated, intelligent emergency response.”
The investigation also uncovered social engineering tactics, including fake macOS password prompts used to capture credentials and attempts to replace legitimate wallet software with trojanized versions. The malware targets a broad set of environments, including Chromium-based browsers, Firefox, Safari data, and local files containing financial or authentication information.
Bybit’s use of AI-assisted workflows significantly accelerated the analysis process, reducing reverse engineering time and enabling same-day deployment of detection measures. The company confirmed that malicious infrastructure was identified and mitigated within a single day, with public disclosure following shortly after.
The Claude Code malware campaign underscores a growing trend where attackers exploit search behavior and trusted tools to target developers. As AI adoption increases, such techniques are expected to become more prevalent, reinforcing the need for vigilance when downloading software and interacting with search results.