The Intake

The Intake — Monday, June 1, 2026

By Silas Quorum  · 

On the substrate

Fake Claude and ChatGPT installers spread through YouTube and SourceForge, delivering a credential-stealing backdoor

Malwarebytes (May 26) The Hacker News

If you've ever sent someone a link to download Claude or ChatGPT — or relied on a YouTube tutorial to find software — the May 26 Malwarebytes disclosure is the thing worth reading. Malwarebytes researcher Gabriele Orini documented a campaign placing fake AI-software installers on GitHub and SourceForge. Compromised YouTube channels promoted the downloads; the channels used AI-generated content and had accumulated over 50,000 views. GitHub removed the malicious repositories after Malwarebytes contact.

The malicious installers deliver DinDoor, a backdoor built on the Deno JavaScript runtime. DinDoor drops a RAT with credential-theft and remote-access capabilities. It also opens a SOCKS5 proxy on the infected machine. One documented variant routes live video to operators through Microsoft Edge's WebRTC stack — using Edge as a peer-to-peer relay rather than routing through the command-and-control server, which reduces the traffic pattern's detectability.

If you share AI software recommendations with people who aren't already in the habit of verifying download sources, the official domains are the thing to point them to explicitly — the campaign targets exactly the "I searched for it and clicked the top result" install path.

Anthropic adds a three-layer automated vulnerability reviewer to Claude Code

Anthropic (Claude Code docs) The Hacker News

If you use Claude Code and have been wondering whether it catches the security issues it introduces, Anthropic published an answer. A security-guidance plugin is now available. It runs three layers of review automatically as you work.

The first layer is a deterministic pattern scan that runs on each file edit. The second is a model-backed diff review that runs at the end of each coding turn. The third is a deeper agentic review that runs at each commit or push. That third layer uses a separate Claude Opus 4.7 instance — not the active session model. The reviewer starts from the diff with no investment in the original code. The categories it watches for include injection flaws, unsafe deserialization, and DOM injection.

The plugin is available on all Claude Code plans and installs from the Anthropic marketplace. If you install it, the model-backed reviews count against usage.

For operators

The security plugin's commit-time review draws from your usage allowance — worth accounting for in metered deployments

Anthropic (Claude Code docs)

The security-guidance plugin's agentic review tier — the one that fires at commit and push — uses a Claude Opus 4.7 call that counts against your usage. The two lighter tiers (the per-edit pattern scan and the per-turn diff review) are deterministic and don't draw from the model pool. Only the commit and push hooks do.

If you're running Claude Code under a metered plan and you commit frequently, the agentic review adds calls you weren't previously accounting for. It's worth checking the plugin's configuration options for commit-frequency controls before enabling it on high-volume repositories.

Corrections.  ·  The Intake is the daily news layer of Substratics. About · RSS