The gist: Attackers leverage the credibility of established AI tools like Claude to make social engineering attacks more convincing and bypass security filters.
In a six-wave campaign spanning seven weeks, attackers lured more than 2,000 users via Google Ads to malicious websites, abusing platforms such as GitLab Pages and Claude’s Share feature to compel them to execute malicious code.
The campaign targeted developers and technically savvy users by tricking them into copying and executing malicious PowerShell or terminal commands (ClickFix attacks). The fraudsters impersonated popular AI development tools — including ChatGPT Codex, Perplexity, Cursor IDE, JetBrains, and Claude AI — and deployed 92 different malicious hostnames, predominantly hosted on GitLab Pages.
The campaign unfolded in six phases between April 8 and June 14. In the first four phases (April 8 to May 5), attackers primarily used Google Ads with campaign ID 23736589328 to direct users to GitLab Pages variants such as claude-code-app.gitlab.io and claude-desktop-app.gitlab.io. Starting with the fifth phase (May 6 to May 14), they shifted their activities to Claude.ai’s legitimate Share feature, which provides publicly accessible, persistent URLs on the trusted claude.ai domain. In the sixth phase (June 21 to June 14), all attacks relied entirely on this share function.
Security experts emphasize that the campaign succeeded because it consistently leveraged legitimate platforms throughout the attack chain. Users automatically trust AI tools as sources for productivity tips and technical advice — an expectation attackers exploited. This made malicious instructions more convincing and increased compliance rates.
The particular risk lies in the fact that reputation-based security mechanisms fail against this method. The attack does not ask users to trust something obviously suspicious; rather, it disguises itself as normal interaction with trusted services. This demonstrates how attackers can systematically weaponize growing familiarity with AI platforms against users.
Source: www.csoonline.com · Published June 18, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.1.