EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Fake AI tool sites and malicious packages target Claude and ChatGPT users

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-26 11:34 UTCUpdated 2026-05-27 15:44 UTC
rss
malwareexploitssecurity_toolingincident_response
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (3)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.
3 top sources shown
Fake AI tool websites used to steal developer data
SC Media · News · scworld.com · 2026-05-26 22:51 UTC
View all evidence
Overview

A wave of cyberattacks is exploiting the popularity of AI tools like Anthropic's Claude and ChatGPT. Attackers use SEO poisoning to promote fake AI tool websites that steal developer data by redirecting users to typosquatted domains.

Entities
AnthropicGitHubSourceForgeClaudeChatGPT
Score total
1.23
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
Why now
  • Recent surge in fake AI tool websites using SEO poisoning to lure victims.
  • New malware strains found in counterfeit installers on popular code hosting platforms.
  • Discovery of npm package stealing files from Claude AI user directories raises urgency for vigilance.
Why it matters
  • AI tool users and developers are increasingly targeted by sophisticated malware campaigns.
  • Data theft from AI platforms can lead to significant privacy and security risks.
  • Awareness of fake sites and malicious packages is critical for incident prevention and response.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • Fake AI tool websites use SEO poisoning to steal developer data by redirecting to typosquatted domains.
  • Counterfeit ChatGPT and Claude installers on GitHub and SourceForge deliver DinDoor backdoor and Deno RAT malware.
  • Malicious npm package uploads files from Claude AI user directory to steal information.
How sources frame it
  • Help Net Security: neutral
  • The Hacker News: neutral
  • SC Media: neutral
Consolidated multiple reports on fake AI tool sites and malware targeting Claude and ChatGPT users into a coherent narrative highlighting ongoing threats.
All evidence
All evidence
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
thehackernews · thehackernews.com · 2026-05-27 15:44 UTC
Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware
Help Net Security · helpnetsecurity.com · 2026-05-27 11:50 UTC
Fake AI tool websites used to steal developer data
SC Media · scworld.com · 2026-05-26 22:51 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
  • thehackernews (1)
  • Help Net Security (1)
  • SC Media (1)
Top origin domains (this list)
  • thehackernews.com (1)
  • helpnetsecurity.com (1)
  • scworld.com (1)