Cybercriminals are deploying deceptive websites masquerading as renowned Artificial Intelligence (AI) tools to ensnare software developers into downloading malware designed to exfiltrate sensitive data.
This alarming trend was initially identified on April 21, 2026, by an astute independent security researcher, @g0njxa, on the platform X (formerly Twitter).
In the wake of this discovery, the cybersecurity firm EclecticIQ published a comprehensive report on May 21, 2026, revealing that a singular, financially motivated threat actor had been establishing malicious domains since early March 2026.
This insidious campaign is primarily aimed at software developers in the United States and the United Kingdom, exploiting their expectation of reliability in emerging AI applications.
The Search Engine Trap
This sophisticated attack employs SEO poisoning to elevate fraudulent installation pages within Google’s search results.
Consequently, developers seeking tools such as the Google Gemini Command Line Interface (CLI) or Anthropic’s Claude Code are misled to typosquatting domains like geminicli.co.com claudecode.co.com.
These websites meticulously replicate the official vendor documentation, creating an illusion of authenticity.
Upon visiting the counterfeit Gemini site, users are instructed to replicate a PowerShell command into their terminal.
This command interfaces withgemini-setup.com, subsequently downloading a malicious script titled start.ps1.
In a tactical maneuver designed to avert suspicion, this script utilizes the npm package manager to install the genuine Gemini CLI clandestinely.
While developers engage with the authentic tool, the malware clandestinely infiltrates their systems. A parallel operation commenced on March 30, deploying similar tactics through claudecode.co.com and claude-setup.com.@g0njxa’s post on X
Memory Injection and Data Theft
The payload utilized is a fileless infostealer that operates entirely within the system’s memory via PowerShell, thereby leaving no forensic trail on the local disk.
Once activated, according to EclecticIQ’s blog post, it initiates by disabling the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW), effectively blinding the system’s local defenses before targeting sensitive information across three distinct areas:
- Browsers: It captures login credentials, session cookies, and autofill history from Firefox, Chrome, Edge, Brave, among others.
- Applications: It infiltrates platforms such as Slack, Microsoft Teams, Zoom, Discord, Mattermost, Notion, Telegram, and Zoho Mail to pilfer DPAPI-protected keys and session cookies. This information permits cybercriminals to breach internal corporate networks without needing passwords.
- Files and Wallets: The malware extracts OpenVPN configuration files, cryptocurrency data from Brave and Spectre wallets, alongside files from cloud storage locations including Google Drive, OneDrive, iCloud, Proton Drive, and MEGA.
Additionally, the capability for remote code execution empowers attackers to transition from passive, automated data theft to active, hands-on intrusions within the compromised networks.
All pilfered data is encrypted and subsequently exfiltrated to command-and-control servers at vents.msft23.com, events.ms709.com, and mo2307.com.
Moreover, over 30 other malicious domains targeting software tools like Node.js, Chocolatey, KeePassXC, WinSCP, Cyberduck, and PuTTY are also operated by these cybercriminals.
Remarkably, they even utilized a stolen Extended Validation (EV) certificate from Shenzhen Xingzhongxing Electronic Technology Co., Ltd. to circumvent Windows security alerts.
Given that these counterfeit websites rank prominently in search engine results, developers are advised to meticulously verify their download sources rather than blindly trusting the top results.
Developers and users of AI tools are urged to download software solely from legitimate websites. It is imperative to remain vigilant against look-alike domain names and to utilize VirusTotal to scan any downloaded files prior to execution or installation on devices.
Source link: Hackread.com.
