You must log in or # to comment.
I don’t have the capability to verify at the moment. But I suspect that a case I worked recently was related. A YouTube video was pointing people at a supposed plugin to make Claude free forever. The plugin was actually a Remote Access Trojan (RAT) and credential stealer. The initial loader was hosted on GitHub. The profile was fairly new and only had a couple updates, mostly adding the Trojan and README files.
