Fake Claude Installer Deploys Infostealers on Windows and macOS

A campaign observed by Malwarebytes lures victims into downloading what appears to be an official installer for Claude, Anthropic's AI coding assistant. The malicious package is distributed through phishing emails and compromised websites and masquerades as a legitimate development tool, with variants for both Windows and macOS. Once executed, the installer silently drops credential-stealing modules and, in some cases, cryptocurrency-mining components onto the host.

The stealer harvests browser-saved passwords, email account credentials and other stored secrets and exfiltrates them to command-and-control servers. Where the miner is deployed it runs hidden, consuming CPU time, degrading performance and raising power costs. Defenders should update endpoint detection rules, block the known distribution URLs, and reinforce user awareness about verifying software sources: download AI tooling only from the vendor's official domain, check the publisher signature (Authenticode on Windows, Developer ID signing and notarization on macOS) and compare the file's hash against the value the vendor publishes before running it. AI developer tools are an increasingly attractive lure precisely because users expect to install new ones often.
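The "verify the source before you run it" advice above, turned into a concrete pre-install check. This is an added example written for this page, not tooling from Malwarebytes or Anthropic: it compares the installer's SHA-256 against a hash you copy from the vendor's official download page (the expected value is a placeholder you supply) and, on macOS, additionally requires a valid Developer ID signature and a passing Gatekeeper assessment, which a repackaged fake installer cannot present.

```shell
#!/bin/sh
# Added example (not from the original article): refuse to run a downloaded
# installer unless (1) its SHA-256 matches the vendor-published value and
# (2) on macOS, its code signature and Gatekeeper assessment check out.
# The expected hash is an input; take it from the official download page,
# never from the same email or site that delivered the file.

sha256_of() {
  # Portable hashing: sha256sum on Linux, shasum on macOS.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

hash_matches() {
  # 0 if the file's SHA-256 equals the expected hex digest (case-insensitive).
  actual=$(sha256_of "$1" | tr 'A-Z' 'a-z')
  expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

macos_signature_ok() {
  # 0 = signature and Gatekeeper pass, 1 = fail, 2 = check not applicable
  # (not macOS, or not an .app bundle / .pkg package).
  command -v spctl >/dev/null 2>&1 || return 2
  case "$1" in
    *.app)
      codesign --verify --deep --strict "$1" 2>/dev/null || return 1
      spctl --assess --type execute "$1" 2>/dev/null || return 1 ;;
    *.pkg)
      pkgutil --check-signature "$1" >/dev/null 2>&1 || return 1
      spctl --assess --type install "$1" 2>/dev/null || return 1 ;;
    *) return 2 ;;
  esac
}

verify_installer() {
  # Usage: verify_installer <file> <expected-sha256>; returns 0 only when safe to run.
  file=$1; expected=$2
  if ! hash_matches "$file" "$expected"; then
    echo "REJECT: SHA-256 mismatch for $file (got $(sha256_of "$file"))" >&2
    return 1
  fi
  rc=0
  macos_signature_ok "$file" || rc=$?
  case $rc in
    0) echo "OK: hash matches; macOS signature and Gatekeeper checks pass" ;;
    2) echo "OK: hash matches (signature check skipped: not a macOS bundle/package)" ;;
    *) echo "REJECT: hash matches but code signature or Gatekeeper check failed" >&2
       return 1 ;;
  esac
  return 0
}

# Example invocation (placeholder path and hash; replace with the vendor-published value):
# verify_installer ~/Downloads/installer.pkg <sha256-from-official-download-page>
```

A `.dmg` should be mounted first and the `.app` inside it passed to the check; Gatekeeper assesses the bundle, not the disk image. On Windows the equivalent signature check is `Get-AuthenticodeSignature` in PowerShell, whose `Status` must be `Valid` and whose `SignerCertificate.Subject` must name the publisher you expect.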

Categories: Threat Intelligence, Malware & Ransomware, AI Security & Threats