Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users - Hackread

Detailed Analysis

Cybercriminals have deployed fraudulent websites impersonating Anthropic to distribute fileless infostealer malware specifically targeting users of Claude Code, Anthropic's AI-powered coding assistant. The campaign leverages typosquatting or lookalike domains to deceive developers who may be searching for Claude Code downloads, documentation, or tooling, luring them into executing malicious payloads that operate entirely in memory rather than writing files to disk. Fileless malware of this nature is particularly dangerous because it evades traditional antivirus and endpoint detection tools that rely on scanning the file system, instead injecting malicious code into legitimate system processes such as PowerShell or Windows Management Instrumentation.

The targeting of Claude Code users is strategically significant. Developers and technical professionals who use AI coding tools typically have elevated system privileges, access to source code repositories, API keys, cloud credentials, and CI/CD pipeline configurations — all of which represent high-value targets for credential theft and subsequent supply chain compromise. An infostealer deployed against this demographic can harvest browser-stored passwords, session tokens, SSH keys, and environment variables, potentially granting attackers lateral movement into corporate infrastructure or access to sensitive intellectual property. The specificity of the lure — impersonating a legitimate and increasingly prominent AI development tool — reflects threat actors' growing sophistication in tailoring social engineering to niche but high-value professional communities.

This campaign fits within a well-documented broader trend of malicious actors exploiting the rapid mainstream adoption of AI developer tools as an attack surface. As products like Claude Code, GitHub Copilot, and similar AI coding assistants have grown in user bases rapidly, they have become attractive impersonation targets precisely because the tools often require installation steps, API key configuration, or plugin setup that can be mimicked convincingly in a phishing scenario. Security researchers have noted a surge in AI-themed malware delivery campaigns since 2023, with fake ChatGPT, Midjourney, and now Anthropic-branded sites being used to push stealers, remote access trojans, and cryptominers.

The fileless delivery mechanism underscores an accelerating shift in the threat landscape toward living-off-the-land techniques that abuse legitimate operating system functionality. By residing exclusively in memory and leveraging built-in tools like PowerShell, WMIC, or the Windows registry for persistence, these attacks leave minimal forensic traces and are substantially harder to detect and remediate after the fact. Organizations deploying Claude Code across developer teams should enforce strict application whitelisting, monitor for anomalous PowerShell execution, require all software downloads to come from verified official sources, and implement DNS filtering to block known malicious lookalike domains. Anthropic, like other major AI vendors, faces mounting pressure to actively monitor for domain impersonation and issue timely public advisories to protect its growing developer user base.