Fake Claude site installs malware that gives attackers access to your computer
Source: HN
A counterfeit website masquerading as Anthropic’s Claude AI chatbot was discovered distributing a malicious payload that grants attackers remote control of victims’ computers. Security researchers at Kaspersky and the Swedish CERT identified the fake domain, which mimics the look and URL structure of the official Claude portal, and found that it silently installs a trojanized version of the popular “Claude‑Web” client. Once executed, the malware opens a reverse shell, allowing threat actors to exfiltrate files, capture keystrokes and deploy additional ransomware.
The incident matters because Claude has become a high‑profile draw for legitimate users and cybercriminals alike. Since Anthropic’s recent rollout of Opus 4.7, demand for the model has surged, prompting a wave of phishing sites that promise free access or early‑beta features. Users who bypass official channels are now exposed to a new attack vector that blends social engineering with sophisticated remote‑access tools. The incident also underscores a broader trend: AI‑branded malware is leveraging the hype around large language models to increase download rates, echoing the concerns we raised in our April 19 piece on “Claude Mythos” and the security implications of AI model adoption.
What to watch next: Anthropic is expected to issue a public advisory and possibly pursue legal action against the domain registrars. Security firms will likely release indicators of compromise to help organizations block the trojan, while law‑enforcement agencies may track the actors behind the operation. Users should verify URLs, enable two‑factor authentication on Anthropic accounts and avoid unofficial clients. The episode serves as a reminder that the rapid diffusion of AI tools is creating fresh attack surfaces, and vigilance will be essential as the ecosystem matures.