EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Phishing campaigns use fake Slack and Claude AI installers to gain stealthy access

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-16 09:26 UTCUpdated 2026-04-16 13:00 UTC
rss
phishingmalwareincident_response
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (2)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (2 domains)domains are deduped. counts indicate coverage, not truth.
2 top sources shown
A fake Slack download is giving attackers a hidden desktop on your machine
Malwarebytes Threat Analysis · News · malwarebytes.com · 2026-04-16 09:26 UTC
limited source diversity in top sources
View all evidence
Overview

Recent phishing campaigns have been identified using trojanized installers masquerading as legitimate Slack and Claude AI software.

Score total
0.96
Momentum 24h
2
Posts
2
Origins
2
Source types
1
Duplicate ratio
0%
Why now
  • Recent campaigns have targeted Slack and Claude installers, exploiting their popularity and trust.
  • These threats have been detected in both EU and US environments, indicating broad targeting.
  • Early detection by security teams prevents further compromise and highlights evolving phishing tactics.
Why it matters
  • Phishing campaigns leveraging trusted brands increase the risk of successful social engineering attacks.
  • Hidden desktop sessions enable attackers to operate undetected, compromising sensitive data and systems.
  • Managed detection and response services are critical to identifying and mitigating emerging phishing threats.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
  • Phishing campaigns use fake Slack installers that launch a working Slack app while creating a hidden desktop session for attackers.
  • A ClickFix phishing campaign uses a fake Claude installer to deliver attacks, detected in EU and US environments.
How sources frame it
  • Malwarebytes Threat Analysis: neutral
  • Rapid7 Blog: neutral
Merged two recent reports on phishing campaigns using fake installers for Slack and Claude AI to highlight evolving stealth tactics and detection successes.
All evidence
All evidence
ClickFix Phishing Campaign Masquerading as a Claude Installer
Rapid7 Blog · rapid7.com · 2026-04-16 13:00 UTC
A fake Slack download is giving attackers a hidden desktop on your machine
Malwarebytes Threat Analysis · malwarebytes.com · 2026-04-16 09:26 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -
Showing 2 / 0
Top publishers (this list)
  • Rapid7 Blog (1)
  • Malwarebytes Threat Analysis (1)
Top origin domains (this list)
  • rapid7.com (1)
  • malwarebytes.com (1)