Developers looking into Claude Code deployment instructions could be lured into an advanced malware campaign that hides itself as a genuine AI tooling documentation.
Fake Claude code exploit
Experts found a few fake Claude Code and developer platform websites built to steal credentials, cryptocurrency, and API keys.
According to Straiker researchers, “the attack chain runs on the same unchecked trust that makes AI developer tools so easy to adopt. “You copy a command. You paste it in your terminal. By then, it’s already too late,” said Straiker researchers in their analysis of the campaign.
Highlights of the fake Claude code campaign
1. Experts found over 88 fake domains mimicking Claude Code and other developer sites. The campaign utilises SEO infection and Google ads to deploy malicious install web pages over genuine documentation.
2. Threat actors hide infected commands within genuine installation commands, without impacting the deployment process.
3. The malware particularly attacks AI-based assets such as cloud development credentials, API keys, and verification tokens.
About the credential theft campaign
The campaign attacked users of famous AI and developer tools, such as Claude Code, JetBrains, Perplexity Comet, and Cline.
As per the experts, the operation depends on over 88 domains hosted throughout genuine platforms and constantly shuffles infrastructure, letting malicious sites to immediately resurface after shutdowns. To trap targets, threat actors use redirect chains, SEO poisoning and paid Google ads that place scammed installations over genuine documentation in search results.
These websites closely impersonate genuine vendor resources and demonstrate installation commands that look genuine but include hidden separators, such as “&,” that launch malicious actions along with the expected software deployment.
In various incidents, the genuine command still runs effectively, helping hide the hack.
Delivery of malware and launch tactics
Experts found various delivery techniques, such as rundll32.exe loading infected DLLs, Base64-encoded commands, mshta.exe abuse, JavaScript-based payloads, and GitHub-hosted scripts.
By such techniques, hackers improve their potential to escape convention detection tools. Contrary to infostealers, the campaign pick on AI assets like authentication tokens, API Key, and cloud development credentials from tools such as Continue[.]dev, Cline.
After execution, the malware uses a multi-level malicious chain that features encoded C2 communications, anti-analysis capabilities, fileless execution tactics, and credential theft functions.
Experts found the primary payload as ACRStealer, a malware family that steals information and has developed to include sophisticated encryption and escape tactics. Experts also identified a cryptocurrency clipboard hacker that rediverts transactions by replacing copied wallet addresses.
