What Fake AI Installers Are and Why They Target Developers
Fake AI installers are malicious packages that pose as legitimate installers for ChatGPT, Claude, or other popular tools, but secretly deploy Deno RAT malware to steal data, hijack browsers, and give attackers remote access to victims’ machines. In this campaign, attackers host counterfeit installers and plugins on GitHub and SourceForge, posing as ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. Compromised YouTube channels with AI-generated videos funnel users to these repositories, and some videos promoting the fake tools have accumulated more than 50,000 views. Developers and power users are attractive targets because they are comfortable with terminals, scripts, and community tools, which makes the social engineering more convincing. The result is a GitHub-hosted malware threat that blends in with normal developer workflows, increasing the risk of crypto wallet theft, credential exposure, and hidden surveillance on systems used for coding and testing.

How Deno RAT Malware Infects Systems Through Trusted Tooling
The infection chain is crafted to look like a typical open-source setup process. Malicious GitHub repositories instruct visitors to open a terminal and paste a command that downloads an MSI installer or PowerShell script, with separate commands for Windows and macOS. The script installs Scoop and WinGet, then uses them to install the legitimate Deno runtime. Deno is next used to fetch and run the DinDoor backdoor from a remote server, with the next stage executed in memory via standard input so it never touches disk. DinDoor establishes persistence using a registry Run key, reports system details to a command-and-control server, and downloads further payloads. One payload is a Deno-based remote access Trojan previously tracked as Smokest, whose code similarities suggest it was built by the same author or team, reinforcing the idea of a maturing malware toolchain built around Deno.
Capabilities: Crypto Wallet Theft and Edge Browser Hijacking
Once installed, the Deno RAT gives attackers broad control and strong data theft capabilities. It can execute arbitrary commands and PowerShell scripts, capture screenshots, manage files, control processes, and open SOCKS5 proxy tunnels to pivot deeper into networks. Its stealer module targets more than 50 cryptocurrency wallet extensions and 10 wallet applications, including Atomic Wallet, Exodus, Electrum, and ByteCoin, making crypto wallet theft a central goal. It also harvests data from Chromium-based browsers such as Chrome, Brave, Edge, Opera, and Vivaldi, along with Telegram, Discord, and Lightcord. A standout feature is its screen surveillance: the RAT silently launches Microsoft Edge, connects using the Chrome DevTools Protocol, and injects a WebRTC page so Edge streams encrypted video frames of the victim’s screen directly to the attacker. This peer-to-peer streaming through a legitimate browser process helps the operator evade many network detection systems.
Why Legitimate Platforms Make These Attacks Hard to Spot
This campaign blends reliable platforms and common developer tools to hide in plain sight. GitHub and SourceForge lend automatic credibility, especially for developers used to community installers and experimental builds. The attackers rotate through GitHub accounts, spawning multiple repositories per account and refreshing lures as old ones are taken down, which keeps the fake AI installers discoverable despite removals. According to Malwarebytes, GitHub removed the flagged repositories after they were reported, but new ones are expected to appear. Using Scoop, WinGet, and the official Deno runtime makes the execution chain look normal to many endpoint defenses that focus on unsigned binaries or suspicious download domains. For teams concerned with supply chain security, this shows that even apparently harmless setup commands copied from GitHub can act as a delivery vehicle for stealthy Deno RAT malware and long-term system compromise.
Practical Protection: Verification, Detection, and Auditing for Developers
Developers and technical users can cut the risk by tightening basic hygiene and adopting supply chain security habits. Always verify official distribution channels for tools like ChatGPT and Claude, and avoid installers linked from random YouTube videos or anonymous GitHub accounts. On GitHub, check for repository verification badges, project history, and active maintainers before running any installation script. Treat instructions that ask you to paste a terminal one-liner with caution, and review what the command downloads and installs, especially if it adds package managers or runtimes like Deno. Once a tool is installed, audit for suspicious behavior: unexpected Edge processes, unusual registry Run keys, unexplained network traffic, or cryptocurrency wallet extensions disappearing or behaving oddly. Regular endpoint monitoring, strict browser extension policies, and prompt removal of unneeded utilities all reduce the attack surface that fake AI installers and Deno RAT malware depend on.
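The following audit script is an added example written for this page, not code from the article or from Malwarebytes. It turns the infection chain described earlier (Deno runtime, Run-key persistence, Edge driven over the Chrome DevTools Protocol) and the audit points above into three checks on a Windows host. The indicator pattern, the assumption that DevTools access is enabled with a `--remote-debugging` switch, and the heuristic that a legitimate Edge is not normally spawned by deno.exe or a shell are the editor's assumptions, not details stated in the article.

```powershell
# Added audit example (editor's code, not from the article or Malwarebytes).
# Run in an elevated PowerShell so that all processes and HKLM keys are visible.

# 1. Registry Run keys: the article says DinDoor persists via a Run key and that
#    stages run through Deno / PowerShell. Flag entries that reference either.
$runPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: indicator list chosen by the editor, tune it to your environment.
$suspectPattern = 'deno(\.exe)?\b|powershell|pwsh|-enc|scoop|winget'
foreach ($path in $runPaths) {
    if (-not (Test-Path $path)) { continue }
    foreach ($p in (Get-ItemProperty -Path $path).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata properties
        if ("$($p.Value)" -match $suspectPattern) {
            [pscustomobject]@{ Check = 'RunKey'; Where = "$path\$($p.Name)"; Detail = $p.Value }
        }
    }
}

# 2. Edge processes: the RAT launches Edge and controls it over the DevTools
#    Protocol. Assumption: that requires a --remote-debugging switch, and a
#    normal Edge session is not started by deno.exe, PowerShell or cmd.
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($pr in $procs) { $byPid[[int]$pr.ProcessId] = $pr }
foreach ($edge in ($procs | Where-Object Name -eq 'msedge.exe')) {
    $parent     = $byPid[[int]$edge.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $debugFlag  = "$($edge.CommandLine)" -match '--remote-debugging'
    $oddParent  = $parentName -match '^(deno|powershell|pwsh|cmd)\.exe$'
    if ($debugFlag -or $oddParent) {
        [pscustomobject]@{ Check = 'Edge'; Where = "PID $($edge.ProcessId) parent=$parentName"; Detail = $edge.CommandLine }
    }
}

# 3. Network: on a workstation that does not run Deno code, deno.exe should hold
#    no established connections. List any it owns so the remote ends can be reviewed.
foreach ($d in ($procs | Where-Object Name -eq 'deno.exe')) {
    Get-NetTCPConnection -OwningProcess $d.ProcessId -State Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Check = 'DenoNet'; Where = "PID $($d.ProcessId)"; Detail = "$($_.RemoteAddress):$($_.RemotePort)" }
        }
}
```

Each hit is emitted as an object, so the output can be piped to `Format-Table` for a quick look or to `Export-Csv` when collecting results from several machines.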
