HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Fake Anthropic Websites Deploy Fileless Infostealer Targeting Claude Code Users

Threat actors have created counterfeit Anthropic sites that serve a fileless infostealer to Claude Code users, harvesting browser credentials without leaving files on disk. The campaign threatens the confidentiality of downstream SaaS services and highlights the need for strict URL verification and credential hygiene in third‑party risk programs.

LiveThreat™ Intelligence · 📅 May 30, 2026· 📰 hackread.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
hackread.com

Fake Anthropic Websites Deploy Fileless Infostealer Targeting Claude Code Users

What Happened — Threat actors have registered look‑alike domains that mimic Anthropic’s official sites and are serving a fileless, browser‑credential‑stealing payload to users of Claude Code, Anthropic’s AI‑assisted coding assistant. The campaign relies on social‑engineering to lure developers to the fake pages, where a malicious script runs in‑memory and harvests saved browser passwords.

Why It Matters for TPRM

  • Credential theft can give attackers lateral access to downstream SaaS tools and corporate networks.
  • Fileless techniques bypass many traditional endpoint detections, raising the risk profile of any third‑party AI service integrated into development pipelines.
  • The use of brand‑spoofed domains erodes trust in legitimate vendors and may affect contractual security clauses.

Who Is Affected — Technology & SaaS vendors offering AI‑assisted development tools, their enterprise customers, and any downstream services accessed via the compromised browsers.

Recommended Actions

  • Verify that all Anthropic‑related URLs used by your teams are authentic (e.g., via DNS allow‑lists).
  • Enforce MFA and password managers that do not store credentials in the browser.
  • Update endpoint detection to include heuristics for fileless, in‑memory scripts.
  • Review third‑party risk contracts for clauses covering brand‑spoofing and credential‑theft incidents.

Technical Notes — The attack vector is a phishing‑style domain spoof combined with a fileless JavaScript infostealer that runs in the browser context, exfiltrating saved credentials to a command‑and‑control server. No known CVE is involved; the threat relies on social engineering and in‑memory execution. Source: HackRead

📰 Original Source
https://hackread.com/fake-anthropic-sites-fileless-infostealer-claude-code-users/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →