Fake Claude Code site served trojan — detected by Windows Defender as Trojan:Win32/Kepavll!rfn

A Reddit user on r/ClaudeAI reported that the first Google search result for "Claude Code" was a fake website with the exact same design language as the official Anthropic site. After downloading and running a PowerShell install command, Windows Defender caught the payload as Trojan:Win32/Kepavll!rfn.
What happened
- The user, who has been online since 1996 and works mostly on macOS, needed to use Claude Code on a rarely used Windows PC.
- Clicked the first Google result for "Claude Code" — the site looked identical to the official one.
- Ran the PowerShell install command (similar to the legitimate
iex (irm <url>)pattern) without verifying the URL. - Windows Defender immediately flagged the download as
Trojan:Win32/Kepavll!rfn.
How to avoid this
- Always check the domain: official Claude Code downloads are on
docs.anthropic.comor the official GitHub repository, not a lookalike. - For Windows, use
winget install ClaudeCodeor download the MSI directly from the official source. - Never run
iex (irm ...)from a search result — manually verify the URL before pasting into PowerShell.
📖 Read the full source: r/ClaudeAI
👀 See Also

Claude implements identity verification for certain use cases
Anthropic is rolling out identity verification for Claude through Persona Identities, requiring government-issued photo IDs and live selfies. The verification process takes under five minutes and is used to prevent abuse and comply with legal obligations.

OpenClaw Security: The Hardened Baseline You Should Start With
Self-hosting OpenClaw doesn't automatically make it secure. A Reddit post details the hardened baseline config: local-only Gateway, per-peer DM isolation, deny runtime/fs/automation tool groups, exec locked down, and mention-gated groups.

Claw Hub and Hugging Face hit with 575 malicious skill packages
Both Claw Hub and Hugging Face were compromised, hosting 575 malicious skill packages. Developers are warned to verify any skills they use from these platforms.

LiteLLM v1.82.8 Compromise Uses .pth File for Persistent Execution
LiteLLM v1.82.8 was compromised on PyPI and includes a .pth file that executes arbitrary code on every Python process startup, not just when the library is imported. The payload runs even if LiteLLM is installed as a transitive dependency and never used directly.