Possible ACR Stealer From Page Impersonating Claude

SANS Internet Storm Center handler Brad Duncan documented a credential-stealing malware campaign that uses a fake webpage impersonating Anthropic's Claude AI platform as its distribution vector. The malware, identified as a possible ACR stealer variant, is designed to harvest credentials and sensitive data from compromised systems. The campaign exploits the growing popularity of AI tools, betting that users searching for Claude access will land on the malicious page and download the trojanized payload. This technique reflects a broader trend of threat actors co-opting trusted AI brand names to distribute malware, taking advantage of the rapid normalization of AI tool usage in both personal and enterprise environments. Organizations should ensure users access AI platforms only through official channels and verify URLs before downloading software.

Sources