Source: Webpronews
Developers Targeted by Sophisticated Claude Code Impersonation Scheme
A new wave of attacks is delivering malware to software engineers through expertly forged websites posing as the official download page for Anthropic's Claude Code. Security researchers report that threat actors have constructed convincing replicas of Anthropic's branding to distribute trojanized installers for the popular AI coding tool.
The fraudulent sites, which use HTTPS and domain names strikingly similar to legitimate ones, are being promoted through search engine advertisements. When developers search for "Claude Code download," these paid links often appear above organic results. The pages feature download buttons that deliver malicious executables for Windows and .dmg files for macOS, not the actual tool.
On Windows systems, the installer deploys an information-stealing program designed to collect credentials, browser data, and cryptocurrency wallet details. The macOS version installs a persistent payload that exfiltrates sensitive information from the compromised machine. Both strains attempt to masquerade as normal system processes.
This method capitalizes on the rapid adoption of new AI tools. Claude Code is legitimately installed via the npm package manager using the command `npm install -g @anthropic-ai/claude-code`. There is no official standalone installer downloaded from a website. This discrepancy is a key red flag.
The campaign's implications are severe. A developer's workstation typically holds access to source code, cloud credentials, and deployment pipelines. A single breach can provide a gateway into an organization's core infrastructure. Because the attack intercepts users actively seeking a tool, it bypasses much of the skepticism applied to random phishing emails.
Similar impersonation campaigns have recently targeted other AI and developer tools. Security teams are advised to immediately clarify official installation channels for such utilities, restrict downloads of unsigned binaries from unverified sources, and monitor developer systems for unusual network activity. Anthropic's documentation explicitly names npm as the sole installation method, though the company has not released a formal security advisory regarding these fake pages.
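The two controls the article recommends (knowing the official channel and catching native-installer downloads from look-alike domains) can be turned into a simple triage check over a web-proxy or download log. The script below is an added example, not code from the article or from Anthropic; the allowlist of official hosts, the brand tokens, the edit-distance threshold and the sample log lines are all assumptions or constructed data, chosen only to illustrate the check. It flags `.exe`/`.msi`/`.dmg`/`.pkg` downloads from hosts that carry the tool's branding or sit one typo away from an official domain, since the legitimate install path is `npm install -g @anthropic-ai/claude-code` and no website installer exists.

```python
"""
Triage helper: flag developer-tool downloads that do not come from the
tool's official distribution channel.

Added example; not part of the original article. OFFICIAL_HOSTS,
BRAND_TOKENS, the edit-distance threshold and the sample log lines are
assumptions chosen to illustrate the checks the article recommends.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

OFFICIAL_PACKAGE = "@anthropic-ai/claude-code"        # official channel per the article
OFFICIAL_HOSTS = {"anthropic.com", "npmjs.org", "npmjs.com"}  # assumed allowlist (subdomains included)
BRAND_TOKENS = ("anthropic", "claude")                 # strings an impersonator would want in a hostname
INSTALLER_SUFFIXES = (".exe", ".msi", ".dmg", ".pkg")  # native installers the tool never ships


@dataclass
class Finding:
    user: str
    url: str
    verdict: str   # "allow" | "suspicious" | "ignore"
    reason: str


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot one-typo look-alike labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _is_official(host: str) -> bool:
    return any(host == off or host.endswith("." + off) for off in OFFICIAL_HOSTS)


def _looks_like_brand(host: str) -> bool:
    """True if the host embeds a brand token or its registrable label is one edit from an official one."""
    if any(tok in host for tok in BRAND_TOKENS):
        return True
    labels = host.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    official_labels = {off.split(".")[0] for off in OFFICIAL_HOSTS}
    return any(_edit_distance(label, o) <= 1 for o in official_labels)


def classify_download(user: str, url: str) -> Finding:
    """Classify one fetched URL against the 'npm is the only channel' policy."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    if _is_official(host):
        return Finding(user, url, "allow", "official host")
    if _looks_like_brand(host):
        if path.endswith(INSTALLER_SUFFIXES):
            return Finding(user, url, "suspicious",
                           f"native installer from brand look-alike host; official channel is npm ({OFFICIAL_PACKAGE})")
        return Finding(user, url, "suspicious", "brand look-alike host not on allowlist")
    return Finding(user, url, "ignore", "unrelated to the tool")


def triage(log_lines: list[str]) -> list[Finding]:
    """Parse '<user> <url>' lines and return only the suspicious findings."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line; skip rather than crash a batch run
        f = classify_download(parts[0], parts[1])
        if f.verdict == "suspicious":
            findings.append(f)
    return findings


# Constructed sample log lines (reserved .example domains; not real IoCs).
SAMPLE_LOG = [
    "alice https://registry.npmjs.org/@anthropic-ai/claude-code",
    "bob   https://claude-code-download.example/ClaudeCodeSetup.exe",
    "carol https://antropic.example/downloads/Claude-Code.dmg",
    "dave  https://example.org/news/ai-tools.html",
    "erin  https://claude-tools.example/docs",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.user}: {f.url} -> {f.verdict} ({f.reason})")
```

Run against a real proxy export, the `SAMPLE_LOG` list would be replaced by the export's `user url` columns; the edit-distance test only catches single-character typosquats, so treat it as a first-pass filter that feeds analyst review, not as a blocklist.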
As AI-assisted coding becomes commonplace, the tools are inevitably drawing more sophisticated threats. The trust and enthusiasm driving their adoption are the very elements being exploited.