A Top Google Search Result for Claude Plugins Was Planted by Hackers

Source: 404 Media

A top result on Google for people searching for Claude plugins sent users to a site that recently contained malicious code in an apparent attempt to steal their credentials.

The news shows how the explosion of interest in generative AI tools is giving hackers new ways to attack users.

-snip-

The phony Anthropic help site had swapped some of the Claude Code installation instructions for others, Foley pointed out. That included a line users could paste into their terminal to allegedly install the software on a Mac. The command included an obfuscated URL, hiding what its real destination was. When Foley decoded it, he found it downloaded software from another site entirely.

ThreatFox, a platform for sharing known instances of malware, recently flagged that domain as sharing a “stealer”, a type of malware that steals users credentials. ThreatFox linked that domain to the stealer as recently as a few days ago.

-snip-

Read more: https://www.404media.co/a-top-google-search-result-for-claude-plugins-was-planted-by-hackers/

---

That fake Anthropic help site was reachrd through an ad on Google for a Squarespace site with the title Install Claude Code - Claude Code Docs.

The ad, from an advertiser in Bulgaria who'd been verified by Google after providing legal documentation, has been remover.

But 404 Media points out that Claude's popularity means more hackers are using the AI's name as bait.