Hackers fake Gemini CLI, Claude installers
- GBHackers reported on May 23 that attackers used SEO-poisoned search results to impersonate Google’s Gemini CLI and Anthropic’s Claude Code installers.
- The campaign delivered a fileless PowerShell infostealer to developer workstations, according to GBHackers, by luring users searching for terminal-based AI coding tools.
- Google and Anthropic publish official Gemini CLI and Claude Code installation paths on their own documentation and product pages.
GBHackers reported on May 23 that financially motivated attackers were using SEO-poisoned search results to impersonate Google’s Gemini CLI and Anthropic’s Claude Code, pushing malicious installers to developers looking for terminal AI tools. The report said the campaign delivered a fileless PowerShell infostealer to developer workstations worldwide. Google and Anthropic both maintain official pages for Gemini CLI and Claude Code, which the attackers were mimicking in search-driven download flows.

### How did the attackers get in front of developers?

GBHackers said the operators used SEO poisoning, a tactic that manipulates search visibility so malicious pages appear where users expect legitimate download results. In this case, the lure was straightforward: developers searching for Gemini CLI or Claude Code installers were redirected toward counterfeit download pages rather than official vendor documentation. (gbhackers.com)

Google’s official Gemini CLI documentation and GitHub repository show that the tool is distributed through Google-controlled documentation and the `google-gemini` GitHub project. Anthropic’s official Claude Code materials similarly route users through Anthropic-owned product and learning pages. That made the fake installer pages plausible enough to target users already looking for real command-line tooling. (gbhackers.com)

### What was the malware doing after installation?

GBHackers said the payload was a fileless PowerShell infostealer, a technique designed to reduce obvious disk artifacts while pulling data from the victim machine. The report said the targets were developer workstations, which typically hold credentials, tokens, shell history, repositories and access to cloud or code infrastructure. April and May reporting from the same outlet described related campaigns around fake Gemini- and Claude-themed packages and installers that sought tokens and secrets from developers using AI coding tools. (docs.cloud.google.com)

Those earlier reports said attackers were already abusing interest in fast-growing developer AI products to steal access material rather than deploy noisier malware families.

### Why were Gemini CLI and Claude Code useful disguises?

Google describes Gemini CLI as an open-source AI agent that brings Gemini into the terminal, while Anthropic describes Claude Code as an agentic coding system that can understand codebases, make changes across files and complete development tasks. Both products are aimed at developers and are used close to source code, shells and local credentials. Anthropic has also published security work around making Claude Code more autonomous with sandboxing, including filesystem and network isolation. (gbhackers.com)

That official emphasis on autonomy and local execution helps explain why installers for these products would be attractive bait: a successful compromise lands on machines that often sit near source code, secrets and deployment paths. (gbhackers.com)

### What should developers check before installing tools?

Google’s Gemini CLI documentation points users to official install and quickstart pages, and the project repository lists the expected package name and documentation path. (github.com) Anthropic’s Claude Code product and developer pages likewise provide official entry points for access and setup. Developers comparing search results against those vendor-controlled pages would have a concrete way to verify provenance before running installers or shell commands. (anthropic.com)

GBHackers published its report on May 23, and the official Google and Anthropic pages remain the reference points for current installation paths. Any follow-up from the vendors or new indicators tied to the campaign would most likely appear first on those documentation, product or security channels. (gbhackers.com) (docs.cloud.google.com)
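The provenance check described above can be made mechanical rather than eyeballed. The following Python is an added example, not code from the article, GBHackers, Google or Anthropic: it classifies an installer URL as official, insecure, lookalike or unknown against a small allowlist, and compares a downloaded file against a SHA-256 digest copied from the vendor page. The allowlist (github.com under the `google-gemini` org, docs.cloud.google.com, anthropic.com) is an assumption assembled from the domains named in this article, and the sample URLs are constructed, not indicators from the report.

```python
import hashlib
from urllib.parse import urlparse

# Assumed allowlist built from the vendor domains named in the article
# (github.com/google-gemini, docs.cloud.google.com, anthropic.com).
# Constructed for this example; confirm against the vendors' current docs.
OFFICIAL_HOSTS = {"docs.cloud.google.com", "anthropic.com"}
OFFICIAL_GITHUB_ORGS = {"google-gemini"}          # assumption: org named on the page
BRAND_TOKENS = ("gemini", "claude", "anthropic")  # strings a lookalike page reuses


def _host_matches(host: str, allowed: str) -> bool:
    """Exact host or a subdomain of an allowlisted host (e.g. docs.anthropic.com)."""
    return host == allowed or host.endswith("." + allowed)


def classify_url(url: str) -> str:
    """Return 'official', 'insecure', 'lookalike' or 'unknown' for an installer URL.

    'official' requires https and a vendor-controlled origin. On github.com the
    first path segment (the org) must be allowlisted, because anyone can publish
    a repository whose name contains 'gemini' or 'claude'.
    """
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    segments = [s for s in parts.path.split("/") if s]

    if parts.scheme != "https":
        return "insecure"  # plain http or file URLs are never a trusted install path

    if host == "github.com" and segments and segments[0] in OFFICIAL_GITHUB_ORGS:
        return "official"
    if host != "github.com" and any(_host_matches(host, a) for a in OFFICIAL_HOSTS):
        return "official"

    # Anything else that trades on the brand name fits the SEO-poisoning pattern
    # described above: a plausible-looking page that is not vendor-controlled.
    haystack = host + "/" + "/".join(segments).lower()
    if any(token in haystack for token in BRAND_TOKENS):
        return "lookalike"
    return "unknown"


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Compare downloaded installer bytes against a digest taken from the vendor page."""
    return hashlib.sha256(data).hexdigest() == expected_hex.strip().lower()


# Constructed sample URLs for the demo (not indicators from the GBHackers report).
SAMPLES = [
    "https://github.com/google-gemini/gemini-cli",
    "https://docs.cloud.google.com/constructed/gemini-cli/page",
    "https://docs.anthropic.com/constructed/claude-code",
    "http://github.com/google-gemini/gemini-cli",        # plain http: not trusted
    "https://github.com/not-the-vendor/gemini-cli",      # wrong org on github.com
    "https://claude-code-installer.example/download",    # brand in a non-vendor host
    "https://cdn.example/tools/setup.ps1",               # no brand, no allowlist hit
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_url(url):10} {url}")
    blob = b"constructed installer bytes"
    print(verify_sha256(blob, hashlib.sha256(blob).hexdigest()))
```

Only "official" should be treated as a green light; "lookalike" is the case this campaign relied on, and "unknown" still needs a manual comparison against the vendor documentation before any installer or shell command is run. The digest check only helps when the expected value is copied from a vendor-controlled page, not from the download page itself.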