A convincing phishing campaign is targeting developers by impersonating Anthropic’s official Claude Code website, distributing malware disguised as the legitimate AI coding tool. The scam is sharp, well-constructed, and already catching people off guard.
As Lifehacker reported, the fraudulent site closely mimics the real Claude Code download page, replicating Anthropic’s branding, layout, and messaging with enough fidelity to fool even experienced developers who aren’t paying close attention. The goal is straightforward: trick users into downloading a malicious package instead of the genuine CLI tool.
Claude Code, for the uninitiated, is Anthropic’s command-line coding agent that lets developers use Claude directly in their terminal for tasks like code generation, debugging, and project management. It launched broadly in early 2025 and has gained serious traction among professional developers. That popularity is precisely what makes it an attractive target.
The attack vector here isn’t novel, but the execution is polished. Attackers registered a domain visually similar to Anthropic’s official site and built a near-pixel-perfect replica of the Claude Code landing page. When a developer visits the spoofed URL and follows the installation instructions, they end up running a compromised package that can exfiltrate data, install backdoors, or establish persistent access on the victim’s machine. Classic supply-chain attack logic applied to the AI tools boom.
This matters more than a typical phishing page because of how developers install CLI tools. The standard workflow involves copying a command from a website and pasting it directly into a terminal with elevated privileges. One wrong URL, one moment of inattention, and you’ve just executed arbitrary code on your development machine. No email attachment to scan. No browser warning to dismiss. Just a shell command that looks exactly right.
And the timing isn’t coincidental. Interest in AI coding assistants has surged throughout 2025, with tools from Anthropic, OpenAI, Google, and others competing aggressively for developer mindshare. Search traffic for terms like “Claude Code install” and “Claude CLI download” has spiked, creating a ripe environment for SEO poisoning and malicious ad placement that can push fake sites to the top of search results.
Security researchers have flagged similar campaigns targeting other popular developer tools in recent months. Typosquatting attacks on npm packages, fake VS Code extensions, and spoofed GitHub repositories have all become more frequent as attackers follow developer attention toward AI-powered tooling. The pattern is clear: wherever developers are rushing to adopt new tools, threat actors are right behind them.
So what should developers actually do? First, always install Claude Code through Anthropic’s verified channels. The official installation method uses npm — npm install -g @anthropic-ai/claude-code — and the package lives on the official npm registry. Don’t copy install commands from random websites, even if they look legitimate. Second, verify URLs character by character before trusting any download page. Bookmark the real site. Third, if you think you may have installed a compromised version, rotate any API keys and credentials that were accessible from your machine immediately, then audit your system for unauthorized processes or network connections.
Anthropic hasn’t issued a detailed public statement specifically about this campaign as of this writing, though the company’s documentation consistently directs users to its official channels for installation. The company does maintain a verified presence on npm, which remains the safest distribution point.
The broader lesson here extends beyond one phishing site. The developer tooling market is moving fast, with new AI-powered products launching weekly. That velocity creates information asymmetry — developers hear about a new tool, Google it, and grab the first plausible-looking download link. Attackers know this. They’re building infrastructure specifically to intercept that moment of intent.
Enterprise security teams should take note too. If individual developers on your team are experimenting with AI coding tools — and they almost certainly are — you need clear policies about approved installation sources and software vetting procedures. A single compromised developer workstation can become a beachhead into CI/CD pipelines, source code repositories, and production infrastructure.
Not a hypothetical risk. A real one, happening now.
For developers who want to verify they have the legitimate Claude Code installation, check the package signature against Anthropic’s published checksums and confirm the npm package source points to the official @anthropic-ai organization. If anything looks off, uninstall, scan your system, and start fresh from a known-good source.
The sophistication of these impersonation attacks will only increase as AI tools become standard parts of the development stack. Staying skeptical of download sources — even when they look perfect — is no longer optional. It’s baseline operational security.
WebProNews is an iEntry Publication