ACR Stealer Distributed via Fake Claude AI Desktop Site
- [01] Immediate impact: Users are lured into downloading malware that steals sensitive credentials, browser data, and cryptocurrency wallet information.
- [02] Affected systems: Windows workstations where users attempt to download a fake Claude AI desktop application from unofficial websites.
- [03] Remediation: Block access to known malicious domains and enforce strict software execution policies via endpoint security tools.
Threat Overview: Deceptive Lures Targeting AI Users
Threat actors are increasingly capitalising on the rapid adoption of artificial intelligence tools by creating deceptive websites that mimic legitimate AI service providers. According to SANS Internet Storm Center, a recent campaign has been observed impersonating the Claude AI platform from Anthropic. By leveraging the domain claudeai-desktop[.]com, attackers trick unsuspecting users into downloading what appears to be a desktop version of the Claude interface, which in reality is the ACR Stealer malware.
This campaign exploits the recent release cycle of official desktop applications for various AI models. Because users often search for standalone clients to improve their workflow, they become susceptible to Phishing results that appear high in search engine rankings or are distributed through social media ads. The malware involved, ACR Stealer, is a sophisticated information stealer designed to harvest high-value data from infected endpoints with minimal user interaction beyond the initial execution.
Technical Analysis: ACR Stealer Delivery and Execution
The attack begins when a user visits the fraudulent website and downloads a 13MB executable file disguised as a setup utility. The TTP used in this campaign relies heavily on brand impersonation. The website is crafted to look highly professional, mirroring the branding and aesthetic of Anthropic to lower the target’s suspicion.
Claude AI Impersonation Attack Analysis
A Claude AI impersonation attack analysis reveals that the attackers specifically registered a domain name that sounds plausible to a non-technical user. While Anthropic has official web and mobile applications, the demand for a dedicated Windows client provides the perfect vacuum for attackers to fill. Upon execution of the downloaded file, ACR Stealer performs several discovery actions to identify the host environment. It specifically targets browser-stored information, including saved passwords, autofill data, and session cookies from browsers such as Chrome, Edge, and Firefox.
To understand how to detect ACR Stealer malware, security analysts should focus on the file’s behaviour during the infection chain. The malware typically attempts to locate and read files within the AppData directory, specifically looking for subfolders related to cryptocurrency wallets and messaging applications like Discord or Telegram. It then packages this stolen data into a compressed archive before exfiltrating it to a remote C2 server.
Data Exfiltration and Impact
The impact of an ACR Stealer infection is significant, as it provides attackers with the initial access needed for Lateral Movement within a corporate network. By stealing session cookies, attackers can bypass multi-factor authentication (MFA) via session hijacking, granting them access to internal enterprise tools. The malware also prioritises cryptocurrency assets, scanning for local wallet extensions and private key files, which can result in immediate financial loss for the victim.
During the exfiltration phase, the malware communicates with its infrastructure via HTTP/HTTPS. Identifying the IoC associated with this campaign is essential for SOC teams. Analysts should monitor for outbound traffic to the IP address associated with the malicious domain and look for unsigned executables attempting to open sensitive browser database files (such as Login Data).
Recommendations for ACR Stealer Credential Theft Prevention
Implementing effective ACR Stealer credential theft prevention requires a multi-layered defence strategy. Organisations should ensure that EDR solutions are configured to alert on any unauthorised access to browser profile folders. Furthermore, the use of MITRE ATT&CK mapping can help defenders understand the specific techniques, such as T1005 (Data from Local System), used by infostealers during the collection phase.
Defenders should prioritise the following actions:
- Implement DNS filtering to block access to known malicious domains such as
claudeai-desktop[.]comand other newly registered domains mimicking popular AI services. - Enforce software restriction policies or AppLocker to prevent users from running unsigned executables downloaded from the internet.
- Encourage the use of enterprise-grade password managers that do not store credentials in easily accessible browser databases.
- Educate staff on the risks of third-party software clones and the importance of verifying download sources against official company documentation.
Advertisement