Researcher Claims Claude Desktop Installs Spyware Native‑Messaging Host on macOS
What Happened – Security researcher Alexander Hanff discovered that installing Anthropic’s Claude Desktop for macOS silently drops a native‑messaging host manifest into the profile directories of every Chromium‑based browser on the system (Chrome, Edge, Brave, Arc, Vivaldi, Opera, Chromium). The manifest pre‑authorises three extension IDs, allowing any of those extensions to invoke a local executable with the user’s privileges – a capability Hanff describes as a “backdoor.”
Why It Matters for TPRM –
- If an extension carrying one of the pre‑authorised IDs is malicious or compromised, the hidden bridge can let it read browser sessions, scrape data, fill forms, and record activity without user consent.
- It expands the attack surface of every endpoint that runs Claude Desktop, potentially exposing sensitive corporate data stored in browsers.
- Lack of an official Anthropic response creates uncertainty around vendor risk and compliance posture.
Who Is Affected – Companies that allow employees to install or use Claude Desktop on corporate macOS machines – broadly across technology, finance, healthcare, consulting, and any sector that handles confidential data via web browsers.
Recommended Actions –
- Inventory all macOS endpoints for Claude Desktop installations.
- Remove the application, or block the native‑messaging host manifest (simply deleting it is not enough, since the application recreates it), until Anthropic provides a clear remediation.
- Verify that browser extensions in use are vetted and do not match the pre‑authorised IDs.
- Engage Anthropic for a formal statement and request a security‑focused update.
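As an added example (not code from the article, Malwarebytes or Anthropic), the following Python audit implements the inventory and verification steps above: it walks per-user NativeMessagingHosts folders of Chromium‑based browsers, parses each manifest, and reports the com.anthropic.claudefordesktop host, any extension ID not on a vetted list, and any file that fails to parse. The browser directory list, the placeholder helper path and the constructed extension ID are assumptions, not values from the article.

```python
import json
import re
import tempfile
from pathlib import Path
BROWSER_DIRS = [  # assumed per-user locations on macOS (not from the article); add Arc, Opera etc. as needed
    "Library/Application Support/Google/Chrome/NativeMessagingHosts",
    "Library/Application Support/Microsoft Edge/NativeMessagingHosts",
    "Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts",
    "Library/Application Support/Vivaldi/NativeMessagingHosts",
]
WATCH_HOST = "com.anthropic.claudefordesktop"  # manifest name reported in the article
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")  # Chromium extension-ID origin form

def parse_manifest(path):
    """Return (host name, helper binary path, [extension IDs]) or None if the file is malformed."""
    try:
        data = json.loads(Path(path).read_text())
    except (OSError, ValueError):
        return None
    ids = []
    for origin in data.get("allowed_origins", []):
        m = ORIGIN_RE.match(origin)
        ids.append(m.group(1) if m else origin)  # keep unexpected origins verbatim for review
    return data.get("name", ""), data.get("path", ""), ids

def audit(home, vetted_ids=frozenset()):
    """Report the watched host, manifests authorising IDs outside vetted_ids, and unparseable files."""
    findings = []
    for rel in BROWSER_DIRS:
        for mf in sorted((Path(home) / rel).glob("*.json")):  # a missing browser dir yields nothing
            parsed = parse_manifest(mf)
            if parsed is None:
                findings.append({"file": str(mf), "reason": "unparseable manifest"})
                continue
            name, binary, ids = parsed
            unvetted = [i for i in ids if i not in vetted_ids]
            if name == WATCH_HOST or unvetted:
                findings.append({"file": str(mf), "host": name, "binary": binary,
                                 "extensions": ids, "unvetted": unvetted})
    return findings

def demo():
    """Audit a constructed fixture: one manifest with a placeholder extension ID in a temp dir."""
    home = Path(tempfile.mkdtemp())
    d = home / BROWSER_DIRS[0]
    d.mkdir(parents=True)
    (d / f"{WATCH_HOST}.json").write_text(json.dumps({
        "name": WATCH_HOST, "type": "stdio", "path": "/PLACEHOLDER/helper",
        "allowed_origins": ["chrome-extension://" + "a" * 32 + "/"]}))
    return audit(home)
```

Run `audit(Path.home())` on a real endpoint, passing the organisation's vetted extension IDs, and treat every finding as an item for the removal or blocking step.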
Technical Notes – The installer writes a com.anthropic.claudefordesktop.json manifest into each Chromium profile’s NativeMessagingHosts folder. The manifest points to a local helper binary that runs with the logged‑in user’s rights. It persists across launches, recreating itself if deleted. No CVE is associated; the issue stems from the application’s design rather than a known vulnerability.
Source: Malwarebytes Labs