Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection […]

The post Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.