Hackers Use Fake ChatGPT and Claude Installers to Deploy DinDoor Backdoor
ID: f5c63c0a-72af-55d8-8c93-95635152f8f7
STIX ID: report--f5c63c0a-72af-55d8-8c93-95635152f8f7
Feed Name: cybersecurityNews.com
A widespread campaign is distributing the DinDoor backdoor and a Deno-based RAT by hosting convincing fake installers and plugins on trusted platforms (GitHub, SourceForge) and driving traffic to them through compromised YouTube channels. The malware steals browser and crypto wallet data, establishes persistent access, and enables remote control and hidden screen streaming via a hijacked Edge process. It uses techniques (Scoop/WinGet, Cloudflare Workers) to evade detection. Multiple IoCs (malicious repositories, domains, and IPs) are provided to support detection and response.
