Fake Claude code download sites spread infostealer malware, security firms warn
A wave of fake Claude code download pages is delivering infostealer malware, exploiting sponsored search ads to trap developers, reports indicate.
Key Facts
- Key company: Claude
Security researchers at Periscope Tech disclosed that a new supply‑chain‑style campaign is weaponising the hype around Anthropic’s Claude model to deliver infostealer malware to developers. The attackers publish counterfeit “Claude code” download pages that look identical to the official installer, then bid on sponsored search results so that anyone typing “Claude code download” into a search engine is likely to land on the malicious site before the legitimate one, the firm’s March 16 threat alert explains.
When a developer copies the advertised installation command and runs it on a workstation, the payload silently installs a multi‑purpose infostealer. According to Periscope Tech, the malware harvests browser credentials, session cookies, API tokens and even cryptocurrency wallet data, then exfiltrates the information to attacker‑run command‑and‑control servers. The researchers note that the code‑stealing functionality is modular, allowing the same dropper to be repurposed for future AI‑tooling campaigns.
The operation underscores a broader trend: AI development ecosystems are becoming attractive vectors for cyber‑crime. Periscope Tech’s analysis points out that the rapid adoption of large‑language‑model APIs and the growing reliance on third‑party tooling create fertile ground for supply‑chain attacks. By hijacking the very channels developers use to acquire legitimate AI software, threat actors can bypass many traditional security controls that focus on corporate networks rather than on the developer’s own machine.
Periscope Tech recommends immediate mitigation steps for developers and organisations. First, verify the source of any Claude‑related binaries by checking the URL against Anthropic’s official documentation and using hash verification where available. Second, avoid executing copy‑and‑paste commands from search‑engine ads; instead, navigate directly to the vendor’s site or trusted repositories. Finally, organisations should deploy endpoint detection and response (EDR) tooling capable of flagging the known infostealer behaviours described in the report, and consider sandboxing any newly downloaded AI tools before they reach production environments.
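The first two recommendations, download‑source and hash verification before anything is executed, can be scripted so that an installer pulled from an ad‑linked page fails closed. The following is an added example, not code from Periscope Tech or Anthropic; the allowlisted hosts and the expected digest are assumptions that a developer would replace with values taken from the vendor’s own documentation.

```shell
#!/bin/sh
# Added example: refuse to run an installer unless it came from an allowlisted
# host over HTTPS and its SHA-256 matches a digest taken from the vendor's docs.
# ALLOWED_HOSTS below is an assumption; populate it from official documentation.
ALLOWED_HOSTS="anthropic.com www.anthropic.com"

# Extract the host component of scheme://host[:port]/path.
url_host() {
  printf '%s\n' "$1" | sed -E 's#^[a-zA-Z]+://([^/:]+).*$#\1#'
}

# 0 if the URL is HTTPS and its host is exactly on the allowlist, 1 otherwise.
# Exact matching rejects look-alikes such as anthropic.com.example-typo.test.
host_allowed() {
  case $1 in https://*) ;; *) return 1 ;; esac
  h=$(url_host "$1")
  for a in $ALLOWED_HOSTS; do
    [ "$h" = "$a" ] && return 0
  done
  return 1
}

# 0 if the file's SHA-256 equals the expected digest, 1 otherwise.
hash_matches() {
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$1" | awk '{print $1}')
  else
    actual=$(shasum -a 256 "$1" | awk '{print $1}')
  fi
  [ "$actual" = "$2" ]
}

# Download to a file (never pipe straight into sh), then verify before the
# caller decides to execute it. Usage: fetch_verified URL EXPECTED_SHA256 OUTFILE
fetch_verified() {
  url=$1; expected=$2; out=$3
  host_allowed "$url" || { echo "refusing: host not allowlisted: $(url_host "$url")" >&2; return 1; }
  curl -fsSL --proto '=https' -o "$out" "$url" || { echo "refusing: download failed" >&2; return 1; }
  hash_matches "$out" "$expected" || { echo "refusing: digest mismatch" >&2; rm -f "$out"; return 1; }
  echo "verified: $out"
}
```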
The campaign arrives at a time when the AI tooling market is expanding rapidly, with competitors such as Microsoft’s Fara‑7B and Nvidia’s latest generative‑AI integrations drawing heightened attention from both developers and attackers. While Periscope Tech’s alert is the first public disclosure of this specific Claude‑code hoax, it serves as a warning that the rush to adopt cutting‑edge AI models may also bring a surge in targeted malware designed to exploit the very tools meant to accelerate innovation.
Sources
No primary source found (coverage-based)
- Dev.to AI Tag
Reporting based on verified sources and public filings. Sector HQ editorial standards require multi-source attribution.