[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmt_YZqY6_japNNkEFZKyyIT-5eTpiYcONQlfk3ujcfI":3},{"article":4,"iocs":49},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":31,"category":32,"article_tags":36},"45b3c105-d106-4be0-a371-7ea598c1e10f","Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users","fake-anthropic-sites-deliver-fileless-infostealer-to-claude-code-users-43483c","Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection.","Threat actors are running a credential theft campaign targeting Claude Code users through SEO poisoning that leads to spoofed Anthropic websites. The attack uses a ClickFix lure to trick users into running a malicious mshta.exe command that deploys a fileless .NET infostealer, which steals browser credentials and connects to Russian C2 infrastructure. The campaign exploits the rapid adoption of AI coding tools among small business owners, entrepreneurs, and teachers who lack enterprise security protections.","Fake Anthropic sites deliver fileless infostealer to Claude Code users via ClickFix attack.","Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users. Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection. By Deeba Ahmed, May 30, 2026. 2 minute read. A new threat intelligence report by security research firm Cyderes has exposed an active credential theft campaign targeting first-time users of Anthropic’s Claude Code tool. 
Shared with Hackread.com, the findings show how threat actors exploit the rapid adoption of AI coding tools to compromise small business owners, entrepreneurs, and teachers who lack enterprise-grade protections. The ClickFix Attack Chain. Cyderes’ research reveals that the attack begins with SEO poisoning: when a user searches for how to install the software, they are taken to a spoofed Anthropic page. They are then instructed to open the Windows Run dialog box (Win+R) and paste a malicious mshta.exe command. This is a classic ClickFix lure that gives the attackers hands-on-keyboard execution and bypasses automated sandbox analysis. When executed, mshta.exe retrieves a 6.7 MB MP3\u002FHTA polyglot payload from download.version-516.com\u002Fclaude. This file is valid in two formats at once: it contains valid audio tags and cover art to pass file-type inspection, and also hides an embedded HTA script block, which mshta.exe processes, after which the system runs the malicious script. In-Memory Execution. According to Cyderes’ blog post, once on the computer, this script immediately sets up a hidden task that opens the older 32-bit version of Windows PowerShell instead of the 64-bit version. Researchers believe that the hackers specifically chose this version because modern Endpoint Detection and Response (EDR) systems usually only check the 64-bit version. After opening PowerShell, the malicious loader performs an AMSI bypass, a technique that effectively turns off the Windows built-in script scanner to stay undetected. It then uses a secret key (BWJFEesMEqRvjQbm) to unlock its hidden code and mixes the victim’s computer name and username into a unique scrambled code. The last step is connecting to the internet to download a huge 17 MB script from oakenfjrod.ru. According to researchers, the hackers intentionally made this file so large to overwhelm security testing tools (called sandboxes) and make them crash. 
This process is carried out inside the computer’s temporary memory, so no files get saved to the hard drive, making the attack nearly invisible. [Figure: Attack flow and MP3\u002FHTA polyglot – VLC sees playable audio; mshta.exe (Source: Cyderes)] Final Payload and Attribution. A reflective .NET infostealer is embedded inside the Stage 3 script. By abusing the .NET Framework’s Assembly.Load(byte[]) method, the loader executes code directly within the existing PowerShell.exe address space, so the attack remains fileless. The data theft then begins: the infostealer reads the browser credential store to steal saved data. It then connects to a C2 server at 185.177.239.255:443 to send out the data. Researchers noted that this IP address routes directly to Russian infrastructure. Cyderes’ research team has confirmed that Anthropic itself hasn’t been compromised. The firm advises defenders to block wildcard queries to *.oakenfjrod.ru and monitor outbound network connections from mshta.exe to ensure individual workstations remain protected against this ongoing campaign. Deeba Ahmed: Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.","https:\u002F\u002Fhackread.com\u002Ffake-anthropic-sites-fileless-infostealer-claude-code-users\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Ffake-anthropic-sites-fileless-infostealer-claude-code-users.png","2026-05-30T17:13:59+00:00","2026-05-30T18:00:14.235265+00:00",9,[18,21,24,26,29],{"name":19,"type":20},"Anthropic","vendor",{"name":22,"type":23},"Claude Code","product",{"name":25,"type":23},"Windows PowerShell",{"name":27,"type":28},"mshta.exe","technology",{"name":30,"type":20},"Cyderes","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":31,"icon":33,"name":34,"slug":35},null,"Malware","malware",[37,42,47],{"category":38},{"id":39,"icon":33,"name":40,"slug":41},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":43},{"id":44,"icon":33,"name":45,"slug":46},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":48},{"id":31,"icon":33,"name":34,"slug":35},[50,54],{"type":51,"value":52,"context":53},"domain","download.version-516.com","Malicious payload delivery domain hosting 6.7 MB MP3\u002FHTA polyglot file",{"type":55,"value":56,"context":57},"ip","185.177.239.255","C2 server IP address on port 443 used to exfiltrate stolen credentials; routes to Russian infrastructure"]