Fake Claude Code Installers Deliver Credential-Stealing Malware  | eSecurity Planet

Fake Claude Code Installers Deliver Credential-Stealing Malware 

Fake Claude Code sites are using malicious install commands to steal AI credentials, API keys, and cryptocurrency.

Written By
Ken Underhill
Ken Underhill
Jun 1, 2026
3 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Developers searching for Claude Code installation instructions could be walking into a sophisticated malware campaign that disguises itself as legitimate AI tooling documentation. 

Researchers found dozens of fake Claude Code and developer platform sites designed to steal credentials, API keys, and cryptocurrency. 

“The attack chain runs on the same unchecked trust that makes AI developer tools so easy to adopt,” said Straiker researchers in their analysis of the campaign.

They added, “You copy a command. You paste it in your terminal. By then, it’s already too late.”

Key Takeaways of the Fake Claude Code Campaign

  • Researchers identified more than 88 fake domains impersonating Claude Code and other developer platforms.
  • The campaign uses SEO poisoning and Google ads to place malicious install pages above legitimate documentation.
  • Attackers hide malicious commands inside seemingly legitimate installation instructions, often without disrupting the expected installation process.
  • The malware specifically targets AI-related assets, including API keys, authentication tokens, and cloud development credentials.

Inside the Credential Theft Campaign 

The campaign has targeted users of popular AI and developer tools, including Claude Code, Cline, JetBrains, Snowflake, and Perplexity Comet, since Mar. 2026. 

According to researchers, the operation relies on more than 88 domains hosted across trusted platforms and continuously rotates infrastructure, allowing malicious sites to quickly reappear after takedowns.

To lure victims, threat actors use SEO poisoning, redirect chains, and paid Google advertisements that place fraudulent installation pages above legitimate documentation in search results. 

These sites closely mimic authentic vendor resources and present installation commands that appear legitimate but contain hidden separators, such as “&”, that execute malicious actions alongside the expected software installation. 

In many cases, the legitimate command still runs successfully, helping conceal the compromise.

Advertisement

Malware Delivery and Execution Techniques 

Researchers observed a variety of delivery techniques, including rundll32.exe loading malicious DLLs, mshta.exe abuse, Base64-encoded commands, GitHub-hosted scripts, and JavaScript-based payloads. 

By rotating these methods, attackers improve their ability to evade traditional detection tools.

Unlike typical infostealers, this campaign targets AI assets such as API keys, authentication tokens, and cloud development credentials from tools like Cline and Continue[.]dev. 

Once executed, the malware deploys a multi-stage infection chain featuring encrypted C2 communications, fileless execution techniques, anti-analysis capabilities, and credential theft functionality. 

Researchers identified the primary payload as ACRStealer, an information-stealing malware family that has evolved to incorporate advanced encryption and evasion mechanisms.

The malware can steal AI credentials, browser passwords, password manager data, VPN credentials, cryptocurrency wallets, messaging app data, and sensitive files. 

Researchers also found a cryptocurrency clipboard hijacker that redirects transactions by replacing copied wallet addresses. 

Protecting AI Development Environments 

Attacks like this often rely on trusted platforms, legitimate-looking documentation, and valid installation commands, so traditional security awareness training alone may not be enough to prevent compromise. 

  • Verify installation commands directly from official vendor documentation and train developers to inspect commands for suspicious operators before execution.
  • Implement application control and endpoint detection tools that can identify unauthorized scripts, fileless malware activity, and abuse of tools like PowerShell.
  • Enforce least-privilege access, use privileged access management tools, and phishing-resistant MFA to limit the impact of compromised developer credentials.
  • Use centralized secrets management and continuous scanning to identify exposed API keys, authentication tokens, and other sensitive credentials across developer environments and repositories.
  • Restrict unnecessary services, deploy DNS and web filtering controls, and monitor outbound network traffic for connections to suspicious or newly registered domains.
  • Establish governance policies for approved AI development tools and provide developers with verified installation sources to reduce exposure to impersonation sites and malicious downloads.
  • Test incident response plans and use attack simulation tools with scenarios around credential theft and supply chain compromise.

Collectively, these measures can help organizations reduce exposure to credential theft and malicious downloads.

Advertisement

Growing Risk to AI Assets 

The growing adoption of AI development tools is creating new opportunities for cybercriminals. 

As AI assistants become embedded in software development and business operations, assets such as API keys, model credentials, authentication tokens, and cloud development access are remaining attractive targets. 

To help address these growing risks, organizations are adopting zero trust solutions that continuously verify users, devices, and access requests before granting access to sensitive resources. 

Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and technology leader with more than 25 years of experience in IT, cybersecurity, and risk management. His career spans network administration, incident response, penetration testing, and entrepreneurship, giving him firsthand experience helping organizations reduce risk and ensure compliance. Ken is also a former nurse and combat medic and he uses this background to break down complex cybersecurity topics into digestible content for a broad, global audience. A multi-exit cybersecurity founder, Ken has spent decades helping organizations strengthen their security posture, manage risk, and navigate complex technology challenges. His expertise includes overall cybersecurity strategy, cloud security, incident response, risk management, security awareness, and emerging threats affecting businesses. Ken is also an advisor to multiple startups on AI security and risk. In addition to his hands-on industry experience, Ken is a cybersecurity newsletter writer for TechnologyAdvice, where he covers cybersecurity news/trends and actionable best practices for business and IT professionals. Ken is also an educator with over 2 million people going through his courses over the years. He has won the Global Cybersecurity 40 under 40 (2x winner), the Cyber Champion award from Women's Society of Cyberjutsu, and the 2019 SC Media award for Outstanding Educator. Ken is also a volunteer with organizations like Minorities in Cybersecurity, Black Girls Hack, and the Whole Cyber Human Initiative, which helps veterans transition into security careers. Ken holds a Master of Science in Cybersecurity and Information Assurance from Western Governors University and a Bachelor of Science in Information Systems, with a major in Cybersecurity Management, from Strayer University. His certifications include the Certificate of Cloud Security Knowledge (CCSK), Certified Ethical Hacker (CEH), and Computer Hacking Forensic Investigator (CHFI) and he is a former adjunct professor of Digital Forensics. Ken also had a streaming cybersecurity television show from 2020-2022 that reached over 200K monthly viewers around the world. His work and expertise have been featured in Forbes, Reader's Digest, Medium, TechRepublic, Fox, NBC, CBS, Dark Reading, MSN Money, and other leading publications and media outlets, making him a trusted voice on cybersecurity, election security, and privacy.

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.