Beware: Fake Claude Code Pages on Google Search Are Stealing Crypto Assets

A Growing Threat in Google Search Results

A recent wave of cyberattacks leverages Google Ads to redirect users to counterfeit pages mimicking the official Claude Code website. These clones are nearly indistinguishable from the real site, with spoofed URLs designed to trick even cautious users.

What the Malware Can Steal

Once the disguised installer is executed, it silently harvests sensitive data, including:

• Saved passwords and form data from browsers
• Active session cookies and authentication tokens
• Cryptocurrency wallet seeds and private keys
• System fingerprints and network configurations

Attackers can use this information to hijack accounts, drain digital assets, and launch further internal network attacks.

How to Stay Protected

To defend against these sophisticated scams, follow these best practices:

• Look for the “Ad” label in search results—prioritize organic links
• Double-check the domain for subtle typos or deceptive subdomains (e.g., claude-code.net)
• Verify installation methods through official channels like GitHub, documentation, or verified social media
• Never run terminal commands from untrusted sources without understanding their function
• Use security extensions that block phishing sites and detect suspicious behaviors in real time

Defense starts with awareness. By adopting proactive habits, you can stop threats before they reach your system.