Fake AI Tool Installers on GitHub Deploy Deno‑Based RAT Targeting Developers and End‑Users
What Happened — Attackers published counterfeit installers for popular AI models (ChatGPT, Claude) and audio‑production tools on GitHub and SourceForge. The installers drop a backdoor called DinDoor, which then loads a Deno‑runtime Remote Access Trojan (RAT) that runs entirely in memory. Compromised YouTube channels funnel victims to the malicious repositories, and the campaign continuously rotates Git‑hosting accounts to evade takedown.
Why It Matters for TPRM —
- The supply‑chain abuse leverages trusted development platforms, making detection by conventional endpoint tools difficult.
- The RAT exfiltrates cryptocurrency wallets, browser credentials, and messaging app tokens, exposing downstream partners to financial loss and reputational damage.
- Persistent malicious code can remain on vendor‑managed workstations for months, increasing the attack surface of any third‑party relationship that relies on open‑source tooling.
Who Is Affected — technology SaaS providers, software development firms, audio‑production companies, and any organization whose staff download third‑party tools from public code repositories.
Recommended Actions —
- Block execution of unsigned installers and scripts from public Git repositories on corporate endpoints.
- Enforce strict allow‑list policies for package managers (Scoop, WinGet) and require code‑signing verification.
- Conduct a rapid inventory of any systems that have recently installed Deno or the listed AI/audio tools and scan for the DinDoor persistence registry key.
Technical Notes — Attack vector: MALWARE delivered via counterfeit installers hosted on third‑party code‑hosting sites (GitHub, SourceForge). No specific CVE is cited. The RAT collects system details, cryptocurrency wallet files, browser‑saved passwords, and can stream live screen video via an Edge‑based WebRTC tunnel, evading network‑based detection. Source: Help Net Security