Fake Claude Code install guides push infostealers in InstallFix attacks

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users ...
SecurityWeek

Over 100 GitHub Repositories Distributing BoryptGrab Stealer

Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...
Microsoft

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise ...

APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.
SecurityWeek

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

A newly discovered InstallFix campaign relies on malicious commands on cloned installation webpages to trick victims into installing malware.
XDA Developers on MSN

I automated my downloads folder with one script, and it hasn't needed attention since

One simple Python script transformed my chaotic downloads folder into a well-organized haven, eliminating the need for manual sorting.
PCMag on MSN

Phony Claude Code Install Guides Trick Vibe Coders Into Installing Malware

Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.
GitHub

download_all_data.sh

# you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 DOWNLOAD ...