Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Source: Gbhackers
Published:
<p>Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researcher