← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer
The Gemini CLI impersonation campaign was first publicly identified by independent threat researcher @g0njxa [1], whose initial discovery enabled analysis and infrastructure pivoting documented in this report. The infection chain begins with a Google search by a developer looking for the official Gemini CLI [2] or Claude Code [3] installation page. Threat actors use SEO poisoning to surface a fake domain at the top of search results, above the legitimate source. The victim clicks through, lands on a malicious page visually consistent with a genuine vendor installation guide and is prompted to execute a single command to complete the install.
Indicators of Compromise (95)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 04f0ef18a152f892ef0c43aa7d1499cd | MD5 of c47610c9df3fb101b0e99f2ac12589db653464edf12cebaa2c67fd33fc7715f3 | 2026-05-22 | |
| FileHash-MD5 | 1809abc619609494b0aee5257a71d097 | MD5 of a31ae1eef3261c36b465255e624fb7ac5899bf2a9823564ba792fac8346723aa | 2026-05-22 | |
| FileHash-MD5 | 1dcd3df471f2d5cc8626f2b5749aeb4c | MD5 of 2d9ecc9321994558d0cc0e9d3fa9fdf600bacfe8758976d34f26f89c33bd5007 | 2026-05-22 | |
| FileHash-MD5 | 2a36e01516929b5e2c43ed3f7bb137cd | MD5 of ff81cb9263fcde5870a0748fd6af2d30a4ba864415c15ca14827d0dd723eb60c | 2026-05-22 | |
| FileHash-MD5 | 2cc48b01d2b619a380de9d2253425979 | MD5 of 80ffc86673bd8c8bd5862bbe961323a822b23c94df48c685162c571445552faa | 2026-05-22 | |
| FileHash-MD5 | 33dad36c9aae34034a2e5f77848e5d81 | MD5 of a6525b37b0cc5339df375e17a0c10772b50c9d425001b0c3a9dada995c7f62dd | 2026-05-22 | |
| FileHash-MD5 | 34a9b024da31c3c54233f7da2021ef8a | MD5 of 0e8c45d847f57095d9879c0da764ab02431db4d5d85f50c4fd5ba38353b79eed | 2026-05-22 | |
| FileHash-MD5 | 39d6583973c4ea786604d3d561b3c41d | MD5 of 5071921cb1ca369fe8f7af522a00373c8c85e4357f7ea1879d2cb4ae791797d6 | 2026-05-22 | |
| FileHash-MD5 | 3ea526ca635e529084a7b7fd7a4976b7 | MD5 of 27e17661f5573f63b65e3a5cfe5bdca75acdc1911441b032781f7ebe125d9194 | 2026-05-22 | |
| FileHash-MD5 | 44d252dfa884371de5eb25c03d0c216a | MD5 of 2d7a94e4a0fedcf31cdd43b06222add9d1888fecb2c5488afc658d08c3f40116 | 2026-05-22 | |
| FileHash-MD5 | 5c44ec1a445cc07c3e9342e0364378ce | MD5 of dfd21a363f4994794f821d76ca61c834882a51b5c6f7b95627b70789462149e3 | 2026-05-22 | |
| FileHash-MD5 | 5ed543af8bbc8cad5824aafebd0387ac | MD5 of efbf87447d93f4232b1169920f75c2066d19863ebc28fb2d2662353dc4ef61d8 | 2026-05-22 | |
| FileHash-MD5 | 624fef07ec4c14ad4907d77fe4095610 | MD5 of 64d2a9a49e27d89f1b3489d7db29c3a3a12b4b090f59c24b694c239cb55db262 | 2026-05-22 | |
| FileHash-MD5 | 6270a752357120c8dcd050ee4ade3700 | MD5 of de34f2f93b74e049a08074c779a863a87a85a403594b8e220b1fba15112e6386 | 2026-05-22 | |
| FileHash-MD5 | 62fa052965c99b079843676878960f13 | MD5 of 1439d30ebeac3a6ccb9545acaa350783a83cc08746cb575e59ddb0efc77d412a | 2026-05-22 | |
| FileHash-MD5 | 763a239f477bbddeb71ac3d4d325356a | MD5 of 9c87e8162b39fbb773c416006b16f8e34aca53372d1b2d4a584df0ffc69ad333 | 2026-05-22 | |
| FileHash-MD5 | 7f18add4f0b21670874940278eae728d | MD5 of c416052c8ac6bfb78b7f0c46c568c528ead33501149661f1d9ecb1861269f8fa | 2026-05-22 | |
| FileHash-MD5 | 841d3850e34a88aca23c9a2169eb1452 | MD5 of be2ff065a232a3a6f187f9fb03a6c1b368dff3d2ba0966777b1f5503aa5ecd16 | 2026-05-22 | |
| FileHash-MD5 | 8e43af7bb1961e87e35cecd9c9dc39c7 | MD5 of b37ee243518221017bab0eb4b54b5431571cc21e54113698ce49a89b89993754 | 2026-05-22 | |
| FileHash-MD5 | a7012d46ab1f5fba4ff81f442848237d | MD5 of 65e1a542bb7d995cc4aa6c71191da125f14f99ca03da7266f5b071440d6d229a | 2026-05-22 | |
| FileHash-MD5 | a7ab9d4d174a2dece66c67a9a832ad22 | MD5 of ae8f70dad97fedecd707977ca22fd6f656c64c0dac96e03f0f4a6c04d0693f59 | 2026-05-22 | |
| FileHash-MD5 | a7eae5249c0930664bbf2aceaf2a9b08 | MD5 of ae9bc11adb457930d402844bd3bf3af8ea7c13fdb7ea269fbe73877b18af1ca8 | 2026-05-22 | |
| FileHash-MD5 | b387d3514d6a4d105b1c1d69f166e8eb | MD5 of aa350580ae5ea46544ffa15c324ab4225dff0dcc5842ac5ca8e2dc4018e5ffad | 2026-05-22 | |
| FileHash-MD5 | b4635eab8a7f368dd745b7b186a09ffc | MD5 of c213ce07b5791abd334ff749b5f05ecc6b40772d35ef4388b5f576bc3e619765 | 2026-05-22 | |
| FileHash-MD5 | bc877061ed233cd361e6a7dc1b1cdbc5 | MD5 of bb78f024c4d8b5a6a128aacb498acad025a234a6b25fde36ff2e14601134555f | 2026-05-22 | |
| FileHash-MD5 | d60817143c167a57c17593091ee446eb | MD5 of 89d634c8471382ff9c6fd966008ad5c376d7a0edae8f799eb569837170f2373d | 2026-05-22 | |
| FileHash-MD5 | d60fcb3e1160cdfbd5c32e641b0815d8 | MD5 of a1c5e1d9bdc1a931c11ac6fdfdff1fbc69ff88521cf443cb174f9720a05fe72d | 2026-05-22 | |
| FileHash-MD5 | ebe2d34a9c65ebf5fe11a588b35ab07b | MD5 of 5c6a2c73f59fd8defbf118f87e5c88ba62e3067f8e8c0ed104f3f188fa0d959d | 2026-05-22 | |
| FileHash-MD5 | fd1ef8429627e6616e7ea51f071e3656 | MD5 of 7c2a9ad5fcf489d1844f51830242f6dd9dfc203be6de3ceb07a4f6dd21c9f1a3 | 2026-05-22 | |
| FileHash-SHA1 | 064b5bea47c79598dc5db18dfa6f6b2d30f38a85 | SHA1 of 7c2a9ad5fcf489d1844f51830242f6dd9dfc203be6de3ceb07a4f6dd21c9f1a3 | 2026-05-22 | |
| FileHash-SHA1 | 07d285943263245d0382555501efa850ee78cafa | SHA1 of 9c87e8162b39fbb773c416006b16f8e34aca53372d1b2d4a584df0ffc69ad333 | 2026-05-22 | |
| FileHash-SHA1 | 2b1adbe3c4435d049053c8954f5d3f6aa3922a35 | SHA1 of 64d2a9a49e27d89f1b3489d7db29c3a3a12b4b090f59c24b694c239cb55db262 | 2026-05-22 | |
| FileHash-SHA1 | 2c8db80192ea6d063c0851633305ebd31923be28 | SHA1 of 27e17661f5573f63b65e3a5cfe5bdca75acdc1911441b032781f7ebe125d9194 | 2026-05-22 | |
| FileHash-SHA1 | 2e795073541fdb6451adb36c117a57d197b87285 | SHA1 of de34f2f93b74e049a08074c779a863a87a85a403594b8e220b1fba15112e6386 | 2026-05-22 | |
| FileHash-SHA1 | 3269b7c555b868bce5bae7fc7b4b8a55174ec221 | SHA1 of c47610c9df3fb101b0e99f2ac12589db653464edf12cebaa2c67fd33fc7715f3 | 2026-05-22 | |
| FileHash-SHA1 | 33c8c74294cd9cece97a2158a2533e992c8310bc | SHA1 of 65e1a542bb7d995cc4aa6c71191da125f14f99ca03da7266f5b071440d6d229a | 2026-05-22 | |
| FileHash-SHA1 | 521f0095955693705a9055ebc86ce8cf980b1153 | SHA1 of a6525b37b0cc5339df375e17a0c10772b50c9d425001b0c3a9dada995c7f62dd | 2026-05-22 | |
| FileHash-SHA1 | 5b89c67bf6f3fe527ecd3c089baff57cb66ce4bf | SHA1 of c416052c8ac6bfb78b7f0c46c568c528ead33501149661f1d9ecb1861269f8fa | 2026-05-22 | |
| FileHash-SHA1 | 649b251aae380d33fe2e0e979d86b1f783c8457e | SHA1 of 5071921cb1ca369fe8f7af522a00373c8c85e4357f7ea1879d2cb4ae791797d6 | 2026-05-22 | |
| FileHash-SHA1 | 6fb16aa53e1f6b25168e98bce93771b8038681b1 | SHA1 of 89d634c8471382ff9c6fd966008ad5c376d7a0edae8f799eb569837170f2373d | 2026-05-22 | |
| FileHash-SHA1 | 6fef105ec37841282121ba1c01c92236097aaf79 | SHA1 of be2ff065a232a3a6f187f9fb03a6c1b368dff3d2ba0966777b1f5503aa5ecd16 | 2026-05-22 | |
| FileHash-SHA1 | 80dfa6db38a51bcd55c5123ceb3b444fc6dddf4f | SHA1 of 2d7a94e4a0fedcf31cdd43b06222add9d1888fecb2c5488afc658d08c3f40116 | 2026-05-22 | |
| FileHash-SHA1 | 88969a3b5b312cbc9e436169a9086fc4eafe3464 | SHA1 of ae9bc11adb457930d402844bd3bf3af8ea7c13fdb7ea269fbe73877b18af1ca8 | 2026-05-22 | |
| FileHash-SHA1 | 88b103b8d907b3df3910836092d57632ef2c74fa | SHA1 of efbf87447d93f4232b1169920f75c2066d19863ebc28fb2d2662353dc4ef61d8 | 2026-05-22 | |
| FileHash-SHA1 | 8f6941f7c5dccb1bcc9c141a334f2a947739b377 | SHA1 of a31ae1eef3261c36b465255e624fb7ac5899bf2a9823564ba792fac8346723aa | 2026-05-22 | |
| FileHash-SHA1 | 90e8c7aa689ebf7f390e44bed03ae7480914d1a8 | SHA1 of a1c5e1d9bdc1a931c11ac6fdfdff1fbc69ff88521cf443cb174f9720a05fe72d | 2026-05-22 | |
| FileHash-SHA1 | 93fb3e5598d21a224c653314ceb7a4305b6ee121 | SHA1 of bb78f024c4d8b5a6a128aacb498acad025a234a6b25fde36ff2e14601134555f | 2026-05-22 | |
| FileHash-SHA1 | a05aedfc0906ea392cd182cc75163cba0646d419 | SHA1 of ff81cb9263fcde5870a0748fd6af2d30a4ba864415c15ca14827d0dd723eb60c | 2026-05-22 | |
| FileHash-SHA1 | afd37b921bb7552a9f854da5e66e61f49ecdf420 | SHA1 of c213ce07b5791abd334ff749b5f05ecc6b40772d35ef4388b5f576bc3e619765 | 2026-05-22 | |
| FileHash-SHA1 | b2b8eab958b77555160c95d89c7b5915f7d48a34 | SHA1 of b37ee243518221017bab0eb4b54b5431571cc21e54113698ce49a89b89993754 | 2026-05-22 | |
| FileHash-SHA1 | b5ef17ade981092376b1815d94ecdaddb8718420 | SHA1 of 80ffc86673bd8c8bd5862bbe961323a822b23c94df48c685162c571445552faa | 2026-05-22 | |
| FileHash-SHA1 | bc199ad0581cd90e8b532385996fe58af94d1439 | SHA1 of 1439d30ebeac3a6ccb9545acaa350783a83cc08746cb575e59ddb0efc77d412a | 2026-05-22 | |
| FileHash-SHA1 | c665a21a8497ceeb700a17154938b2e8d85281a5 | SHA1 of aa350580ae5ea46544ffa15c324ab4225dff0dcc5842ac5ca8e2dc4018e5ffad | 2026-05-22 | |
| FileHash-SHA1 | d094fba06ede63de45471f6ae656716e8c0f9571 | SHA1 of 5c6a2c73f59fd8defbf118f87e5c88ba62e3067f8e8c0ed104f3f188fa0d959d | 2026-05-22 | |
| FileHash-SHA1 | e11cc0e79307a6237a6660d48988402fad6d3c6a | SHA1 of 0e8c45d847f57095d9879c0da764ab02431db4d5d85f50c4fd5ba38353b79eed | 2026-05-22 | |
| FileHash-SHA1 | e50aa51262843ade2dbd1752050aaf46b8ee3165 | SHA1 of dfd21a363f4994794f821d76ca61c834882a51b5c6f7b95627b70789462149e3 | 2026-05-22 | |
| FileHash-SHA1 | e5beebbf996dd9984c2580bb80e2ee194ebbd57a | SHA1 of 2d9ecc9321994558d0cc0e9d3fa9fdf600bacfe8758976d34f26f89c33bd5007 | 2026-05-22 | |
| FileHash-SHA1 | ed40a4543c6df04e3de2007b52fef4b6029a1032 | SHA1 of ae8f70dad97fedecd707977ca22fd6f656c64c0dac96e03f0f4a6c04d0693f59 | 2026-05-22 | |
| FileHash-SHA256 | 0e8c45d847f57095d9879c0da764ab02431db4d5d85f50c4fd5ba38353b79eed | — | 2026-05-22 | |
| FileHash-SHA256 | 1439d30ebeac3a6ccb9545acaa350783a83cc08746cb575e59ddb0efc77d412a | — | 2026-05-22 | |
| FileHash-SHA256 | 27e17661f5573f63b65e3a5cfe5bdca75acdc1911441b032781f7ebe125d9194 | — | 2026-05-22 | |
| FileHash-SHA256 | 2d7a94e4a0fedcf31cdd43b06222add9d1888fecb2c5488afc658d08c3f40116 | — | 2026-05-22 | |
| FileHash-SHA256 | 2d9ecc9321994558d0cc0e9d3fa9fdf600bacfe8758976d34f26f89c33bd5007 | — | 2026-05-22 | |
| FileHash-SHA256 | 5071921cb1ca369fe8f7af522a00373c8c85e4357f7ea1879d2cb4ae791797d6 | — | 2026-05-22 | |
| FileHash-SHA256 | 5c6a2c73f59fd8defbf118f87e5c88ba62e3067f8e8c0ed104f3f188fa0d959d | — | 2026-05-22 | |
| FileHash-SHA256 | 64d2a9a49e27d89f1b3489d7db29c3a3a12b4b090f59c24b694c239cb55db262 | — | 2026-05-22 | |
| FileHash-SHA256 | 65e1a542bb7d995cc4aa6c71191da125f14f99ca03da7266f5b071440d6d229a | — | 2026-05-22 | |
| FileHash-SHA256 | 7c2a9ad5fcf489d1844f51830242f6dd9dfc203be6de3ceb07a4f6dd21c9f1a3 | — | 2026-05-22 | |
| FileHash-SHA256 | 80ffc86673bd8c8bd5862bbe961323a822b23c94df48c685162c571445552faa | — | 2026-05-22 | |
| FileHash-SHA256 | 89d634c8471382ff9c6fd966008ad5c376d7a0edae8f799eb569837170f2373d | — | 2026-05-22 | |
| FileHash-SHA256 | 9c87e8162b39fbb773c416006b16f8e34aca53372d1b2d4a584df0ffc69ad333 | — | 2026-05-22 | |
| FileHash-SHA256 | a1c5e1d9bdc1a931c11ac6fdfdff1fbc69ff88521cf443cb174f9720a05fe72d | — | 2026-05-22 | |
| FileHash-SHA256 | a31ae1eef3261c36b465255e624fb7ac5899bf2a9823564ba792fac8346723aa | — | 2026-05-22 | |
| FileHash-SHA256 | a6525b37b0cc5339df375e17a0c10772b50c9d425001b0c3a9dada995c7f62dd | — | 2026-05-22 | |
| FileHash-SHA256 | aa350580ae5ea46544ffa15c324ab4225dff0dcc5842ac5ca8e2dc4018e5ffad | — | 2026-05-22 | |
| FileHash-SHA256 | ae8f70dad97fedecd707977ca22fd6f656c64c0dac96e03f0f4a6c04d0693f59 | — | 2026-05-22 | |
| FileHash-SHA256 | ae9bc11adb457930d402844bd3bf3af8ea7c13fdb7ea269fbe73877b18af1ca8 | — | 2026-05-22 | |
| FileHash-SHA256 | b37ee243518221017bab0eb4b54b5431571cc21e54113698ce49a89b89993754 | — | 2026-05-22 | |
| FileHash-SHA256 | bb78f024c4d8b5a6a128aacb498acad025a234a6b25fde36ff2e14601134555f | — | 2026-05-22 | |
| FileHash-SHA256 | be2ff065a232a3a6f187f9fb03a6c1b368dff3d2ba0966777b1f5503aa5ecd16 | — | 2026-05-22 | |
| FileHash-SHA256 | c213ce07b5791abd334ff749b5f05ecc6b40772d35ef4388b5f576bc3e619765 | — | 2026-05-22 | |
| FileHash-SHA256 | c416052c8ac6bfb78b7f0c46c568c528ead33501149661f1d9ecb1861269f8fa | — | 2026-05-22 | |
| FileHash-SHA256 | c47610c9df3fb101b0e99f2ac12589db653464edf12cebaa2c67fd33fc7715f3 | — | 2026-05-22 | |
| FileHash-SHA256 | de34f2f93b74e049a08074c779a863a87a85a403594b8e220b1fba15112e6386 | — | 2026-05-22 | |
| FileHash-SHA256 | dfd21a363f4994794f821d76ca61c834882a51b5c6f7b95627b70789462149e3 | — | 2026-05-22 | |
| FileHash-SHA256 | efbf87447d93f4232b1169920f75c2066d19863ebc28fb2d2662353dc4ef61d8 | — | 2026-05-22 | |
| FileHash-SHA256 | ff81cb9263fcde5870a0748fd6af2d30a4ba864415c15ca14827d0dd723eb60c | — | 2026-05-22 | |
| domain | chocolatey.net | — | 2026-05-22 | |
| domain | claude-setup.com | — | 2026-05-22 | |
| domain | get-monero.co.uk | — | 2026-05-22 | |
| domain | keepassxc.us.org | — | 2026-05-22 | |
| domain | olive3451.com | — | 2026-05-22 | |
| hostname | api.bio9438.com | — | 2026-05-22 | |
| hostname | events.ms709.com | — | 2026-05-22 | |
| hostname | metrics.msft17.com | — | 2026-05-22 |