InstallFix: Not the application you were looking for
ID: 3fbc2b73-1675-5fd0-8fab-23d0fe8278fc
STIX ID: report--3fbc2b73-1675-5fd0-8fab-23d0fe8278fc
Feed Name: Expel Blog
InstallFix is a widespread watering-hole campaign that clones official installation documentation for Claude Code and lures users into executing attacker-supplied commands; variants include use of mshta with MSIX polyglot files and other living-off-the-land techniques to evade analysis. The report documents the observed scale (dozens of cloned pages and scans), outlines indicators, and recommends mitigations for Windows and macOS such as DNS filtering, clipboard protections, WDAC, EDR/MDM, and Group Policy restrictions.