Hackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch that should have been a red flag for careful reviewers. Code analysis showed the package contacting a Vercel-hosted endpoint, server-check-genimi. […]

The post Fake Gemini npm Package Steals AI Tool Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/fake-gemini-npm/