Attackers exploit trusted AI platforms and ads
π Threat actors abused trusted services β Google Ads, GitLab Pages, and Claudeβs shared-chat feature β to trick developers into executing malicious PowerShell and terminal commands via ClickFix social engineering. Researchers at TrendAI observed a six-wave campaign that funnelled over 2,000 victims from sponsored search results to malicious pages and then to weaponized Claude shared chats. By impersonating popular developer tools and brands, the attackers leveraged reputation stacking to make their lures appear legitimate and evade detection.
