
Fake "Claude Code" Install Guides Push Infostealers in InstallFix Attacks
Threat actors are using a new variant of the ClickFix social engineering technique, called InstallFix, to deceive users into executing malicious commands that are falsely presented as installation steps for legitimate command-line interface (CLI) tools. The attack uses fake guides for installing "Claude Code" to distribute infostealers and compromise systems. The report disclosed no specific threat groups, dates, or technical indicators (such as CVE IDs). The primary impact is the deployment of infostealers, which can exfiltrate sensitive data from infected devices. The campaign relies on social engineering to manipulate users into running harmful commands under the guise of legitimate software setup.