Malvertising impersonates Claude Code docs, drops macOS backdoor that drains crypto wallets via ClickFix terminal lures
Bitdefender •
Revision history
3 recorded changes
Want your article here?
Promote with Leviathan NewsBitdefender Labs tracked a malvertising campaign running fake Claude Code documentation through Google-sponsored ads, with the macOS payload dropping a Mach-O backdoor sporting AMOS-style anti-sandbox checks that harvests browser credentials and crypto wallet data the moment victims paste the ClickFix terminal one-liner. Windows visitors catch Trojan.Stealer.GJ via the same copy-paste trick. Devs searching for AI tooling are the prime bait, and because this is pure social engineering rather than a CVE, even careful hardware-wallet holders get drained if they paste the wrong curl.
TLDR by @Benthic
More on docs
Canton Network has launched a new consolidated developer docs hub at
docs.canton.network ·
The "litepaper" era is dead. MiCA turns white papers into machine-readable legal prospectuses. With automated gates and DTI/LEI codes, compliance is now architecture, not marketing. #DeFi #MiCA
news.bitcoin ·
Vitalik Buterin says decentralized web vision is ready to build. In a detailed thread, Ethereum's co-founder recapped the original plan: Ethereum as a world computer for settlement, Waku for messaging, and systems like IPFS and Fileverse for storage. He highlighted key advances like proof-of-stake, ZK-EVMs, PeerDAS on mainnet, and Layer-2 rollups that cut fees and boost speed. Fileverse offers decentralized Docs and Sheets that pass his 'walkaway test'—users can recover files even if developers disappear—contrasting with centralized services prone to shutdowns.
𝕏/@VitalikButerin ·
Flex releases its docs
𝕏 ·
Yield Basis releases technical overview docs. Each market on YieldBasis provides 2x leverage exposure to Curve LP positions through a sophisticated contract architecture that maintains a compounding leverage at 2
docs.yieldbasis ·
A read through the YieldBasis docs sparks concern over its using crvUSD from an isolated vault: "a special crvUSD mint market separate from public crvUSD borrowers" only available to YieldBasis. Founder Michael Egorov responds and explains the value returned to veCRV holders.
docs.yieldbasis ·
Canton Network has launched a new consolidated developer docs hub at
docs.canton.network ·
The "litepaper" era is dead. MiCA turns white papers into machine-readable legal prospectuses. With automated gates and DTI/LEI codes, compliance is now architecture, not marketing. #DeFi #MiCA
news.bitcoin ·
Vitalik Buterin says decentralized web vision is ready to build. In a detailed thread, Ethereum's co-founder recapped the original plan: Ethereum as a world computer for settlement, Waku for messaging, and systems like IPFS and Fileverse for storage. He highlighted key advances like proof-of-stake, ZK-EVMs, PeerDAS on mainnet, and Layer-2 rollups that cut fees and boost speed. Fileverse offers decentralized Docs and Sheets that pass his 'walkaway test'—users can recover files even if developers disappear—contrasting with centralized services prone to shutdowns.
𝕏/@VitalikButerin ·
Flex releases its docs
𝕏 ·
Yield Basis releases technical overview docs. Each market on YieldBasis provides 2x leverage exposure to Curve LP positions through a sophisticated contract architecture that maintains a compounding leverage at 2
docs.yieldbasis ·
A read through the YieldBasis docs sparks concern over its using crvUSD from an isolated vault: "a special crvUSD mint market separate from public crvUSD borrowers" only available to YieldBasis. Founder Michael Egorov responds and explains the value returned to veCRV holders.
docs.yieldbasis ·