Financially motivated threat actors are increasingly targeting software developers by impersonating popular AI coding assistants. In a newly uncovered campaign, attackers are leveraging SEO poisoning to surface fake installation pages for Gemini CLI and Claude Code, ultimately compromising enterprise networks with a sophisticated, fileless PowerShell infostealer. The campaign, initially spotted by independent threat researcher @g0njxa […]
The post Attackers Abuse SEO Poisoning to Spread Fake Gemini and Claude Installers appeared first on Cyber Security News.