Beware: Fake Claude Code Installation Sites Disguise Malware
In an alarming development, developers seeking installation instructions for Claude Code might unwittingly expose themselves to a sophisticated malware campaign. This campaign cleverly disguises itself as legitimate documentation for AI tools, posing serious threats to unsuspecting users.
Researchers have uncovered a network of fraudulent websites mimicking Claude Code and other developer platforms with the aim of stealing sensitive credentials, API keys, and even cryptocurrencies.
“The attack chain relies on the same uncontrolled trust that makes AI development tools so easy to adopt,” warned Straiker researchers in their detailed analysis of the campaign. They further emphasized the danger, stating: “You copy an order. You paste it into your terminal. By then, it’s already too late.”
Key Takeaways from the Fake Claude Code Campaign
- Researchers identified over 88 fake domains impersonating Claude Code and other developer platforms.
- The campaign employs SEO poisoning and Google ads to elevate malicious installation pages above genuine documentation in search results.
- Malicious commands are concealed within seemingly legitimate installation instructions without disrupting the intended installation process.
- The malware targets AI-related assets such as API keys, authentication tokens, and cloud development credentials.
Inside the Credential Theft Campaign
The credential theft campaign, active since March 2026, targets users of popular AI and development tools like Claude Code, Cline, JetBrains, Snowflake, and Perplexity Comet. According to researchers, the operation involves over 88 domains hosted on trusted platforms. The attackers utilize a continuously rotating infrastructure, enabling malicious sites to quickly reappear after removal.
To attract victims, cybercriminals employ SEO poisoning, redirect chains, and paid Google ads to place fraudulent installation pages prominently in search results. These counterfeit sites closely imitate legitimate vendor resources, offering installation commands that appear genuine but include hidden separators such as “&” to execute malicious actions alongside the intended software installation. Often, the legitimate command still functions successfully, masking the compromise.
Malware Delivery and Execution Techniques
Researchers observed various delivery techniques, including the use of rundll32.exe to load malicious DLLs, abuse of mshta.exe, Base64-encoded commands, GitHub-hosted scripts, and JavaScript-based payloads. By alternating these methods, attackers enhance their ability to evade traditional detection tools.
Unlike typical information stealers, this campaign specifically targets AI assets, including API keys, auth tokens, and cloud development credentials from tools like Cline and Continue[.]dev. Once executed, the malware initiates a multi-step infection chain featuring encrypted C2 communications, fileless execution techniques, anti-scan capabilities, and credential theft functionality.
The primary payload identified by researchers is ACRStealer, a sophisticated information-stealing malware that has evolved to incorporate advanced encryption and evasion mechanisms. ACRStealer can exfiltrate AI credentials, browser passwords, password manager data, VPN credentials, cryptocurrency wallets, messaging app data, and sensitive files. Additionally, a cryptocurrency clipboard hijacker was discovered, capable of redirecting transactions by replacing copied wallet addresses.
Must-Read Safety Coverage
Protecting AI Development Environments
These attacks often exploit trusted platforms, legitimate-looking documentation, and valid installation commands, so traditional security awareness training may not be sufficient to prevent compromise.
- Verify installation commands directly from official vendor documentation and train developers to inspect commands for suspicious operators before execution.
- Implement application control and endpoint detection tools to identify unauthorized scripts, fileless malware, and abuse of tools like PowerShell.
- Apply least privilege by using privileged access management tools and phishing-resistant MFA to mitigate the impact of compromised developer credentials.
- Utilize centralized secrets management and continuous scanning to detect exposed API keys, authentication tokens, and other sensitive credentials in developer environments and repositories.
- Restrict unnecessary services by deploying DNS and web filtering controls and monitoring outbound network traffic to detect connections to suspicious or newly registered domains.
- Establish governance policies for approved AI development tools and provide developers with verified installation sources to reduce exposure to spoofing sites and malicious downloads.
- Test incident response plans and employ attack simulation tools with scenarios involving credential theft and supply chain compromise.
Collectively, these measures can help organizations mitigate the risk of credential theft and malicious downloads.
Editor’s Note: This article was originally published on our sister publication, eSecurityPlanet.
For more information, visit the source link Here.
“`
