Cybercriminals Weaponize AI App Installers to Deliver DinDoor Backdoor
ID: 5ea9e7d1-2bd2-5e9a-9f52-af4d273d6c6d
STIX ID: report--5ea9e7d1-2bd2-5e9a-9f52-af4d273d6c6d
Feed Name: Cyber Press
Cybercriminals are distributing a Deno-based backdoor (DinDoor) and a full-featured RAT by luring users with AI tool installers hosted on compromised, YouTube-linked fake GitHub/SourceForge repositories. The infection chain uses MSI installers and PowerShell/CMD scripts, installs the Deno and Bun runtimes through the legitimate package managers Scoop and WinGet, and enables data theft (50+ crypto wallet extensions, browsers, Telegram/Discord), covert C2 over WebSockets/SOCKS5, and live screen exfiltration via WebRTC. The report includes IOCs (malicious repository URLs and a distribution domain) and advises strict digital hygiene, such as downloading only from official vendor sites and verifying signatures.
