Trojanized Gemini & Claude Installer Sites Use SEO Poisoning to Deliver File‑less Malware to Developers
What Happened — Cybercriminals have created counterfeit download pages for Google Gemini and Anthropic Claude AI model installers. By abusing search‑engine optimization (SEO) poisoning, the fake sites rank highly for relevant queries and serve file‑less, trojanized payloads that execute in‑memory and harvest source code, API keys, and other developer assets.
Why It Matters for TPRM —
- Supply‑chain risk: Compromised AI tool installers can become a vector for downstream breaches in any organization that integrates the models.
- Data exfiltration: Stolen code repositories and credentials provide attackers footholds into critical business applications.
- Reputation & compliance: Exposure of proprietary IP may trigger contractual and regulatory fallout for vendors and their clients.
Who Is Affected — Software development firms, SaaS providers, cloud‑native enterprises, and any organization that encourages developers to download AI model toolkits.
Recommended Actions —
- Verify the authenticity of AI model installer URLs; prefer official vendor portals or package managers.
- Deploy web‑content filtering and DNS threat intelligence to block known malicious domains.
- Conduct code‑base audits for signs of unauthorized modifications or embedded payloads.
- Update endpoint detection and response (EDR) policies to detect file‑less execution patterns.
Technical Notes — Attackers leverage SEO poisoning to hijack organic search results, delivering a malicious JavaScript loader that spawns PowerShell‑based file‑less code. No public CVE is associated; the threat relies on social engineering and in‑memory execution. Data types targeted include source code, API keys, and configuration files. Source: HackRead