Nirav Paleja  

New Threat Alert: Fake “Claude Code” Downloads Delivering Infostealers 

The popularity of AI tools is at an all-time high, and cybercriminals are taking notice. A new campaign has been discovered where attackers are using a fake version of Claude Code, the popular AI coding assistant, to trick developers and IT professionals into installing malware. 

At Periscope, we believe staying secure starts with staying informed. Here is a simple, non-technical breakdown of how this attack works and how you can protect your team. 

How the Attack Works 

Think of this as a digital “trapdoor.” It isn’t a traditional virus that your computer might catch immediately; it’s a clever deception: 

  • The Bait: Attackers create a website that looks exactly like an official download page for Claude Code. 
  • The Hook: When a user clicks “Download,” they aren’t getting an AI tool. Instead, they trigger a hidden script using a legitimate Windows tool called mshta.exe. 
  • The Stealth: Because mshta.exe is a standard Microsoft file, many basic antivirus programs trust it by default. This allows the malware to run “in memory” without ever saving a suspicious file to your hard drive. 
  • The Theft: Once active, this “infostealer” quietly scrapes your browser for saved passwords, session tokens, and credit card info, sending it all back to the hackers. 

Why Developers are the Primary Target 

For a developer or a technical leader, a compromised laptop is a “skeleton key” to the entire company. If a hacker steals your active login tokens, they can often bypass Multi-Factor Authentication (MFA) because they are essentially “cloning” your already-logged-in session. 

This gives them direct access to: 

  • Private Code Repositories (GitHub/GitLab). 
  • Cloud Environments (AWS, Azure, or GCP). 
  • Internal Systems containing sensitive customer data. 

The Periscope Defense Strategy 

You don’t need to be a cybersecurity genius to avoid this trap. Follow these simple, “Surgical” security steps: 

  1. Verify the Source: Never download professional tools from a link in a random email or a third-party site. Always go directly to the official vendor’s domain (e.g., anthropic.com for Claude). 
  2. Monitor Behavior, Not Just Files: Standard antivirus looks for “bad files.” Our Periscope Bundle approach looks for bad behavior, such as a system tool suddenly trying to talk to a random, unknown website. 
  3. Zero Trust is Key: Treat every new download as “guilty until proven innocent.” If your team doesn’t need certain Windows tools (like mshta.exe), they should be restricted or heavily monitored. 
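As an added illustration of the “monitor behavior, not just files” idea (this is example code, not part of the original post and not Periscope’s tooling), the Python below checks a handful of constructed Sysmon-style events and flags mshta.exe when it connects to a host outside an allowlist, is launched by a browser, or is launched with a remote URL. The allowlist, browser names and sample events are assumptions made up for the example.

```python
# Added example (not from the original post): behaviour-based check for mshta.exe
# over constructed Sysmon-style events. Allowlist, browser set and samples are assumptions.
from dataclasses import dataclass

ALLOWED_HOSTS = {"update.example-corp.internal"}  # constructed: destinations known to be legitimate
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # mshta.exe spawned by these is suspicious

@dataclass
class Event:
    event_id: int            # Sysmon numbering: 1 = process creation, 3 = network connection
    image: str               # full path of the process
    parent_image: str = ""   # Event ID 1 only
    command_line: str = ""   # Event ID 1 only
    dest_host: str = ""      # Event ID 3 only
    dest_port: int = 0       # Event ID 3 only

def basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]

def classify(event: Event):
    """Return a reason string if the event is suspicious mshta.exe behaviour, else None."""
    if basename(event.image) != "mshta.exe":
        return None
    if event.event_id == 3 and event.dest_host.lower() not in ALLOWED_HOSTS:
        return f"mshta.exe connected to unknown host {event.dest_host}:{event.dest_port}"
    if event.event_id == 1:
        if basename(event.parent_image) in BROWSERS:
            return f"mshta.exe launched by browser {basename(event.parent_image)}"
        if "http://" in event.command_line.lower() or "https://" in event.command_line.lower():
            return "mshta.exe launched with a remote URL argument"
    return None

def detect(events):
    """Return (image, reason) pairs for every event that matches a rule."""
    return [(e.image, r) for e in events if (r := classify(e)) is not None]

SAMPLE_EVENTS = [  # constructed, not real telemetry
    Event(3, r"C:\Windows\System32\mshta.exe", dest_host="cdn.constructed-example.test", dest_port=443),
    Event(3, r"C:\Windows\System32\mshta.exe", dest_host="update.example-corp.internal", dest_port=443),
    Event(3, r"C:\Windows\System32\svchost.exe", dest_host="cdn.constructed-example.test", dest_port=443),
    Event(1, r"C:\Windows\System32\mshta.exe", parent_image=r"C:\Program Files\Microsoft\Edge\msedge.exe",
          command_line="mshta.exe https://cdn.constructed-example.test/claude-code-setup"),
    Event(1, r"C:\Windows\System32\mshta.exe", parent_image=r"C:\Windows\explorer.exe",
          command_line=r"mshta.exe C:\Users\dev\Documents\approved-tool.hta"),
]

if __name__ == "__main__":
    for image, reason in detect(SAMPLE_EVENTS):
        print(f"ALERT {image}: {reason}")
```

Only the first and fourth sample events are flagged; the allowlisted connection, the non-mshta process and the locally launched .hta pass through.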

Is Your Team Currently Protected? 

Most companies only realize they’ve been targeted after the data is already gone. At Periscope, we help you find the “invisible” threats before they become breaches. 

We are currently offering a Free 14-Day Security Audit to scan your environment for these specific types of hidden vulnerabilities. It’s fast, non-disruptive, and provides total visibility into your endpoint security. 

Would you like me to set up a quick 10-minute walkthrough to show you how we scan for these hidden “Living off the Land” threats? 
