Fake Anthropic Websites Deploy Fileless Infostealer Targeting Claude Code Users
What Happened — Threat actors have registered look‑alike domains that mimic Anthropic’s official sites and are serving a fileless, browser‑credential‑stealing payload to users of Claude Code, Anthropic’s AI‑assisted coding assistant. The campaign relies on social‑engineering to lure developers to the fake pages, where a malicious script runs in‑memory and harvests saved browser passwords.
Why It Matters for TPRM —
- Credential theft can give attackers lateral access to downstream SaaS tools and corporate networks.
- Fileless techniques bypass many traditional endpoint detections, raising the risk profile of any third‑party AI service integrated into development pipelines.
- The use of brand‑spoofed domains erodes trust in legitimate vendors and may affect contractual security clauses.
Who Is Affected — Technology & SaaS vendors offering AI‑assisted development tools, their enterprise customers, and any downstream services accessed via the compromised browsers.
Recommended Actions —
- Verify that all Anthropic‑related URLs used by your teams are authentic (e.g., via DNS allow‑lists).
- Enforce MFA and password managers that do not store credentials in the browser.
- Update endpoint detection to include heuristics for fileless, in‑memory scripts.
- Review third‑party risk contracts for clauses covering brand‑spoofing and credential‑theft incidents.
Technical Notes — The attack vector is a phishing‑style domain spoof combined with a fileless JavaScript infostealer that runs in the browser context, exfiltrating saved credentials to a command‑and‑control server. No known CVE is involved; the threat relies on social engineering and in‑memory execution. Source: HackRead