Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware

Attackers are distributing counterfeit installers for ChatGPT, Claude, and other popular software on GitHub and SourceForge that deliver the DinDoor backdoor and a Deno-based remote access Trojan, according to Malwarebytes. Compromised YouTube channels with over 50,000 total views are driving victims to the malicious repositories. The campaign targets users seeking tools like AutoTune, Ableton Live, and ZENOLOGY, posing a significant supply-chain threat to developers and creatives.

Attackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. The downloads deliver a backdoor called DinDoor, which then loads a remote access Trojan built on the Deno JavaScript runtime, according to Malwarebytes. Compromised YouTube channels push victims toward the malicious repositories. The videos promoting the fake tools have accumulated more than 50,000 views. The attackers rotate through GitHub … More https://www.helpnetsecurity.com/2026/05/27/deno-rat-malware-fake-chatgpt-claude-installers/ The post Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware https://www.helpnetsecurity.com/2026/05/27/deno-rat-malware-fake-chatgpt-claude-installers/ appeared first on Help Net Security https://www.helpnetsecurity.com .