[NEWSLETTER]score: 1.05
SEO-Poisoned Fake Anthropic Sites Deploy Fileless Infostealer Targeting Claude Code Users
June 1, 2026
Attackers are using SEO poisoning to surface spoofed Anthropic pages that deliver a fileless infostealer to Claude Code users, stealing browser credentials and exfiltrating data to Russian infrastructure.
HOW THIS AFFECTS YOU
●
builderClaude Code users and teams should verify download sources and enforce browser security policies — developer tooling is an active target for credential theft campaigns.
●
policySEO-poisoned impersonation of AI developer tools is an escalating threat vector, with state-linked infrastructure involved in at least this campaign.