Anthropic embeds spyware in Claude Desktop installer.
anthropic claude privacy
| Source: Mastodon | Original article
Anthropic’s Claude Desktop client has been found to bundle a hidden drop‑per that installs spyware on Windows machines. Security researchers who examined the installer discovered that, after the legitimate Claude application is placed in C:\Program Files (x86)\Anthropic\Claude, the desktop shortcut points to a VBScript (Claude.vbs) stored in a temporary SquirrelTemp folder. Clicking the shortcut launches the real AI interface while the script silently runs a second‑stage payload that opens a back‑door to the host, granting remote access to files and system information.
The malicious component is concealed within an MSI package that mimics Anthropic’s official installation chain, making it indistinguishable from the genuine download for most users. The drop‑per activates only when the shortcut is used, meaning the spyware can remain dormant for days or weeks before any network traffic is observed. Researchers say the code bears hallmarks of known commercial surveillance toolkits, suggesting a deliberate effort rather than an accidental bundling.
The revelation matters because Claude Desktop is marketed as a productivity‑boosting “local‑first” AI assistant, promising seamless integration with email, calendars and file systems. By embedding a covert back‑door, Anthropic undermines the very privacy guarantees it touts, exposing corporate and personal data to potential exploitation. The incident also adds to a string of recent security concerns around Anthropic, including the NSA’s covert use of its Mythos model despite a blacklist and the reverse‑engineering of Claude’s codebase that revealed extensive operational harnesses.
What to watch next: Anthropic has not issued a formal comment, but industry analysts expect an emergency patch and a thorough audit of the desktop distribution pipeline. Regulators in the EU and Norway may open investigations under GDPR and the upcoming AI Act. Users are advised to uninstall Claude Desktop immediately, verify the integrity of any remaining files, and monitor network traffic for suspicious outbound connections. The episode is likely to accelerate calls for stricter supply‑chain security standards for AI software.
Sources
Back to AIPULSEN