Signal
Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-03-09 10:48 UTCUpdated 2026-03-09 13:07 UTC
rss
malwarebytes_threat_analysis
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.3 top sources shown
Overview
Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog. The post ClickFix Attack Uses Windows Terminal to Evade Detection appeared first on SecurityWeek .
Score total
1.38
Momentum 24h
4
Posts
4
Origins
3
Source types
1
Duplicate ratio
0%
All evidence
All evidence
Fake Claude Code install pages hit Windows and Mac users with infostealers
Malwarebytes Threat Analysis · malwarebytes.com · 2026-03-09 13:07 UTC
ClickFix Attack Uses Windows Terminal to Evade Detection
SecurityWeek · securityweek.com · 2026-03-09 12:51 UTC
Fake Claude Code install pages highlight rise of “InstallFix” attacks
Help Net Security · helpnetsecurity.com · 2026-03-09 10:48 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
- Malwarebytes Threat Analysis (1)
- SecurityWeek (1)
- Help Net Security (1)
Top origin domains (this list)
- malwarebytes.com (1)
- securityweek.com (1)
- helpnetsecurity.com (1)