The AI Assistant I Installed Was a Hacker's Spy? The Ugly Truth of AI Security Revealed by the Microsoft GitHub Incident

Imagine this. Early in the morning, to finish your work twice as fast as usual, you try to install the latest AI assistant program on your computer, which has recently become highly popular among office workers. As soon as you search for the AI’s name in the Google search bar, a link that looks like the official website appears at the very top of the first page. You visit the site, copy a single line of installation command written on the screen, paste it directly into your computer, and press Enter. A message saying “Installation complete” pops up along with a familiar logo, and you take a sip of coffee feeling good that you’ve gained a reliable assistant. But in that mere split second, before you even noticed, your email password, automatic login credentials for banking sites, and even all the access rights to your company’s secure servers have completely fallen into the hands of hackers on the other side of the globe.

This is not a fictional movie scenario made up to grab your attention. This is exactly what is actually happening right now in 2026 to countless people who routinely use the cutting-edge AI tools created by giant tech companies like Google and Anthropic, as well as within the Microsoft ecosystem, which should boast world-class security. Recently, Microsoft faced an unprecedented crisis of having to forcibly shut down related projects after discovering signs of massive data leaks in its GitHub repositories Microsoft Hacked to Deliver Malware to Claude and Gemini Users. We will thoroughly explain the full story of this shocking hacking incident, why on earth such an absurd event occurred, and how we must deal with this invisible threat in a way that anyone can easily understand.

Why It Matters

Just a few years ago, the word artificial intelligence was a complex and distant technology handled only by scientists in labs or genius software engineers in Silicon Valley. But now, AI has completely entered our daily lives. Generative AI tools like Google’s ‘Gemini’ and Anthropic’s ‘Claude’ act as powerful ‘virtual omnipotent assistants’ that help office workers write project proposals, translate complex foreign language documents in an instant, and even allow beginners to easily write computer program code. Thanks to this overwhelming convenience, countless developers and general corporate users around the world are competitively installing these AI tools on their work computers.

The reason why this Microsoft hacking incident is truly frightening and important is that the hackers did not directly attack the core framework of AI technology itself, which is too strong to break. Instead, they perfectly weaponized human psychology: the ‘enthusiasm and blind trust of people in new and brilliant technology’. According to intensive investigations by cybersecurity researchers and media reports, even Microsoft, the world’s largest software company, had to launch an emergency investigation, shutting down its open-source GitHub (a massive online library where tens of millions of developers worldwide store, modify, and share code together) repositories related to its Azure cloud service and AI coding agents Microsoft’s open source tools were hacked to steal passwords ….

According to a Microsoft spokesperson officially speaking to a cybersecurity media outlet, attackers cunningly planted malware that secretly scrapes login credentials (such as passwords) stored on computers when ordinary users run AI coding tools like ‘Claude Code’ or ‘Gemini CLI’ Microsoft Hacked to Deliver Malware to Claude and Gemini Users. Here, CLI (Command Line Interface) refers to a method of giving instructions to a computer by directly typing text commands into a black terminal window, rather than the familiar mouse-click-based interface. It is an environment mostly used by professionals who prioritize speed and efficiency.

The Explainer

Then, how did these smart users and companies dealing with cutting-edge technology fall so helplessly into the hackers’ trap? Let us explain the two core hacking techniques the hackers used to perfectly deceive people in this attack by comparing them to everyday situations in a very easy-to-understand way.

1. SEO Poisoning and Typosquatting: “A Fake Restaurant with the Exact Same Sign as the Real One”

Researchers from EclecticIQ, a specialized cybersecurity firm, analyzed that this massive hacking attack was the result of a meticulously orchestrated global ‘SEO Poisoning’ campaign Fake Google Gemini and Claude Code Pages Used to Deliver …. Does it feel a bit difficult because of the technical terms? Let’s use an analogy.

Metaphorically, you opened the map app on your smartphone and searched for the name of a famous premium beef restaurant to visit with your family after a long time. The restaurant appeared at the very top of the search results with glowing reviews, and you followed the navigation without any suspicion. Upon arrival, the sign’s design, the interior decor, and even the font on the menu were perfectly identical to the real restaurant you saw on the internet. You finished your meal happily and handed over your card to pay. But in reality, that place was not the real restaurant; it was a ‘fake restaurant’ temporarily built on the street corner by a gang of robbers who cleverly changed just one letter in the name. The moment you handed over your card, all the information in your wallet fell into the hands of the robbers.

2. Swapping the One-Liner Command: “Poison Secretly Put into a Famous Chef’s Sauce Packet”

Where We Stand

Once this spy program breaches the computer’s defenses and enters inside, it maintains its vitality much more cunningly and persistently than expected. According to an in-depth analysis by Malwarebytes, a renowned security solution provider, the malicious script (VBScript, a tool that can issue powerful commands within the Windows system) that secretly infiltrated the user’s computer via the fake Claude site uses highly deceptive tactics to hide itself.

The process of siphoning the stolen treasure-like data back to their headquarters was also carried out under thorough disguise. The hackers did not lazily trade the stolen goods on a second-hand market like Craigslist. They disguised it perfectly as if using a conglomerate’s logistics network. The address of the so-called ‘C2 Server (Command and Control Server, the hackers’ central control headquarters that remotely controls numerous infected zombie computers and gathers stolen data)’ they built to transmit the stolen personal information was cunningly set as events[.]msft23[.]com SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer. ‘msft’ is an acronym conventionally used to abbreviate Microsoft in the IT industry worldwide. When administrators guarding corporate networks or security programs monitor the computer’s communication logs and see this address, they are misled into thinking that normal system data is coming and going to a legitimate official event server hosted by Microsoft, thereby leisurely slipping through the security surveillance net. Based on the source code of this malware, the structural characteristics of the server receiving the data, and the consistency of the social engineering tactics that manipulate human psychology, security experts are convinced that the hacker group wearing the shell of Gemini also attacked the users of Anthropic’s Claude Code in perfectly the same way SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer.

What’s Next

This incident is a painful warning letter clearly demonstrating what a flimsy and dangerous sandcastle the explosively grown AI industry that has swept the world is built upon. We can fully gauge how severe the matter is just by looking at the fact that Microsoft, the world’s top company, went as far as losing face to forcibly lock down its core assets, the GitHub open-source repositories, and launch an internal investigation into the cause Microsoft Hacked to Deliver Malware to Claude and Gemini Users.

In the future, the global software industry and cloud service companies will face a severe crisis of trust. It is highly likely that significantly stronger identity verification and rigorous code vetting procedures, on a completely different level from now, will be mandatorily introduced for every routine action of developers and ordinary users downloading, copying, and executing code on their computers from the vast ocean of the internet. Companies will have to overhaul their systems toward building strong security control systems, even if it means partially giving up the free culture of open source that used convenience as a weapon.

However, before waiting for corporate systems to become perfect, an urgent shift in awareness is also required from us users who must turn on our computers again for work tomorrow morning. Through this incident, we have painfully learned that just because a site is searched at the very top of a portal site, there is no guarantee anywhere in the world that it is the real official homepage. Before we newly invite an excellent, cutting-edge AI assistant that will dramatically help our work onto our computer, we must fiercely doubt and inspect with a magnifying glass whether the web address written on the ‘business card’ handed by that assistant is truly google.com or gemini-setup.com, cunningly crafted by twisting the spelling. No matter how magical the world has become where AI reads papers and writes code on its own, ultimately, the one who opens the tightly closed gates of my computer to hackers is the very finger of the user who mindlessly copies and clicks commands. We must never forget the fact that the ultimate shield protecting our precious digital assets is not the most outstanding artificial intelligence, but our very old and analog ‘caution’.

AI’s Take

MindTickleBytes AI Reporter’s View: The more dazzlingly technology advances and makes human life miraculously convenient, the more it provides hackers with vast and fertile hunting grounds that were previously unimaginable. We have entered an era where, as much as hastily adopting cutting-edge innovative tools, the ‘basics of security’—persistently questioning and doubting the true source of the tool I intend to rely on—is the most critical factor determining an individual’s digital survival. We cheer and welcome new AI innovations every day, but we must keep in mind that behind those innovations, an invisible threat aiming to exploit our carelessness is always lurking.

References

1. Microsoft Hacked to Deliver Malware to Claude and Gemini Users

2. [Fake Claude site installs malware that gives attackers access to your computer

   Malwarebytes](https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer)

3. [Researchers Uncover SEO-Poisoned Sites Delivering Infostealers

   Let’s Data Science](https://letsdatascience.com/news/researchers-uncover-seo-poisoned-sites-delivering-infosteale-ae66bf20)

4. SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer
5. Fake Gemini and Claude Code Sites Spread Infostealers - Infosecurity Magazine

6. [They Hacked Claude, Gemini, and Copilot (And No One Told You)

   grith](https://grith.ai/blog/we-hacked-claude-gemini-copilot)

7. [Fake Claude Code install pages hit Windows and Mac users with infostealers

   Malwarebytes](https://www.malwarebytes.com/blog/news/2026/03/fake-claude-code-install-pages-hit-windows-and-mac-users-with-infostealers)

8. Microsoft’s open source tools were hacked to steal passwords …
9. Fake Google Gemini and Claude Code Pages Used to Deliver …