Fake Claude Code site served trojan — detected by Windows Defender as Trojan:Win32/Kepavll!rfn

✍️ OpenClawRadar · 📅 Published: May 10, 2026 · 🔗 Source

A Reddit user on r/ClaudeAI reported that the first Google search result for "Claude Code" was a fake website with exactly the same design language as the official Anthropic site. After copying and running the site's PowerShell install command, Windows Defender caught the downloaded payload as Trojan:Win32/Kepavll!rfn.

What happened

  • The user, who has been online since 1996 and works mostly on macOS, needed to use Claude Code on a rarely used Windows PC.
  • They clicked the first Google result for "Claude Code"; the site looked identical to the official one.
  • They ran the site's PowerShell install command (following the same iex (irm <url>) pattern as the legitimate installer) without verifying the URL.
  • Windows Defender immediately flagged the download as Trojan:Win32/Kepavll!rfn.

How to avoid this

  • Always check the domain: official Claude Code downloads are on docs.anthropic.com or the official GitHub repository, not a lookalike.
  • For Windows, use winget install ClaudeCode or download the MSI directly from the official source.
  • Never run iex (irm ...) from a search result: verify the URL by hand before pasting anything into PowerShell.
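The last two points can be turned into a habit. The following is an added example, not code from the original post or from Anthropic: a PowerShell function that rejects an install URL unless its host is on an allowlist (populated here with the hosts the article names; the exact list is an assumption) and then saves the script to disk for reading and hashing instead of piping it straight into `iex`. Writing the file to disk also lets Defender real-time protection inspect it, which is what caught the payload in the report.

```powershell
# Added example (not from the original post): review an installer before executing it.
# Replaces `iex (irm <url>)` with a host check plus fetch-to-disk so the script can be read first.
function Get-InstallScriptForReview {
    param(
        [Parameter(Mandatory)] [string] $Url,
        # Hosts the article names as official (assumption: extend only after checking vendor docs).
        [string[]] $AllowedHosts = @('docs.anthropic.com', 'github.com', 'raw.githubusercontent.com')
    )

    $uri = [System.Uri] $Url
    if ($uri.Scheme -ne 'https') {
        throw "Refusing non-HTTPS URL: $Url"
    }
    # Exact, case-insensitive host match; a lookalike such as docs-anthropic.example fails here.
    if ($AllowedHosts -notcontains $uri.Host.ToLowerInvariant()) {
        throw "Host '$($uri.Host)' is not on the allowlist; do not run this installer."
    }

    # Download to a file rather than into Invoke-Expression. Redirects are not followed,
    # so a 3xx hop to another host is treated as a failure instead of silently trusted.
    $dest = Join-Path $env:TEMP ("install-review-" + [guid]::NewGuid().ToString() + ".ps1")
    Invoke-WebRequest -Uri $Url -OutFile $dest -MaximumRedirection 0 -ErrorAction Stop

    # If the Defender module is present, scan the saved file explicitly as well.
    if (Get-Command Start-MpScan -ErrorAction SilentlyContinue) {
        Start-MpScan -ScanType CustomScan -ScanPath $dest
    }

    # Return what the operator should look at before deciding to run the script.
    [pscustomobject]@{
        Url    = $Url
        Host   = $uri.Host
        Path   = $dest
        Bytes  = (Get-Item $dest).Length
        Sha256 = (Get-FileHash -Path $dest -Algorithm SHA256).Hash
    }
}

# Usage with a constructed placeholder URL; open the returned Path in an editor,
# compare the Sha256 against the vendor's published value, and only then run it.
# Get-InstallScriptForReview -Url 'https://docs.anthropic.com/EXAMPLE-PATH/install.ps1'
```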

📖 Read the full source: r/ClaudeAI


👀 See Also

Three open-source alternatives to litellm after PyPI supply chain attack

litellm versions 1.82.7 and 1.82.8 on PyPI were compromised with credential-stealing malware. Three open-source alternatives include Bifrost (Go-based, ~50x faster P99 latency), Kosong (agent-oriented from Kimi), and Helicone (AI gateway with analytics).

Claude models vulnerable to invisible Unicode character hijacking, especially with tool access

Testing shows Claude Sonnet 4 is 71.2% compliant with hidden instructions embedded in invisible Unicode characters when tools are enabled, with Opus 4 reaching 100% compliance on Unicode Tags encoding. Tool access dramatically increases vulnerability across all Claude models.

MCP Package Security Scan Reveals Widespread Destructive Capabilities Without Confirmation

A security scan of 2,386 MCP packages on npm found 63.5% expose destructive operations like file deletion and database drops without requiring human confirmation. The researcher discovered 49% had security issues overall, with 402 critical and 240 high severity vulnerabilities.

Unsecured Paperclip Instances Exposing Live Dashboards via Google Search

A Reddit user discovered a live Paperclip dashboard with full organizational data indexed by Google after searching for an error. The instance was publicly exposed without authentication, revealing org charts, agent conversations, task assignments, and business plans.
