this post was submitted on 23 Apr 2026
371 points (97.4% liked)

Technology

84069 readers
2962 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
371
Researcher claims Claude Desktop installs “spyware” on macOS (www.malwarebytes.com)
submitted 2 days ago by throws_lemy@reddthat.com to c/technology@lemmy.world
64 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] terabyterex@lemmy.world 127 points 2 days ago* (last edited 1 day ago) (7 children)

This blog is on the malwarebytes website. Mslwarebytes says in thr post thst its not fair to call this spyware. This was brought up on the windows side as well.

What is really going on: claude desktop is installing the hooks for the claude browser extension. If you install the browser extension, claude desktop can control the browser. This is the intended behavior so you can have an agent do something like "in the morning, access these three sites, pull down the data and create a newsletter for me" or "please check flight costs throughout the day on these sites" or whatever you want to access the browser for.

This is the whole reason you install claude desktop, to automate your computer.

[–] midribbon_action@lemmy.blahaj.zone 53 points 2 days ago

The article says that is the intended use, I agree this is just bad implementation, but it's bad because it not only allows control one way, from the app to the browser, it also allows it the other way: browser extensions with an ID that matches one of the allowed ones can access userspace, without asking. That is a huge attack surface that is installed without any consent.

[–] TootGuitar@sh.itjust.works 22 points 2 days ago* (last edited 2 days ago) (1 children)

I agree that this doesn’t rise to the level of “spyware,” but it is extra sneaky/slimy, and it absolutely, IMO, makes your system less secure for no good reason. They could just have a prompt in the UI the first time you attempt to use a feature that requires the native messaging host, which says something like “we need to install extra software to communicate with Chrome, OK?” This is the ethical thing to do.

It’s especially sketchy that they’re preemptively installing it in the right directories for multiple Chromium-based browsers, even ones that aren’t installed on your system.

[–] terabyterex@lemmy.world 2 points 2 days ago (1 children)

Its not sketchy just lazy. One observation i have made eith anthropic is that they are great at amking a model but louzy at app development. There apps tend to have that "scientist learned python to help them at work" vibe. Which is always a security nightmare.

[–] TootGuitar@sh.itjust.works 12 points 2 days ago (2 children)

I disagree, it’s definitely sketchy. Going out of your way to install the messaging host for a half dozen different Chromium forks is going out of your way do something behind the user’s back; it’s the opposite of lazy.

[–] terabyterex@lemmy.world 1 points 2 days ago (1 children)

i think a lot of their stuff is ai coded.

[–] TootGuitar@sh.itjust.works 1 points 1 day ago

That’s not really relevant to the point I’m making.

[–] MrQuallzin@pie.eyeofthestorm.place -1 points 2 days ago (2 children)

I imagine it's more of a vibe-coded "make sure the end users have all the files they'll need to be ready to go" prompt, and it's Claude that "decided" to just have all the files from the get-go

[–] homesweethomeMrL@lemmy.world 4 points 1 day ago

I think that's too generous. As if they didn't think about this.

[–] TootGuitar@sh.itjust.works 1 points 1 day ago (1 children)

Ah yes let’s wildly speculate about how they may or may not be writing software.

[–] MrQuallzin@pie.eyeofthestorm.place 1 points 1 day ago (1 children)

Is that not what we were doing? I'm not disagreeing that it's scummy that they're installing unnecessary files, just speculating that's it's ineptitude rather than malicious. Hanlon's Razor and all that. Considering the downvotes on my comment I may have misread your comment.

[–] TootGuitar@sh.itjust.works 1 points 5 hours ago

I was responding to a comment that said “it’s not sketchy just lazy.” Anthropic is shipping a piece of software that shares some of the qualities of adware/malware. I don’t need to know or speculate how that software was written to be able to call that sketchy, and I certainly am going to hold Anthropic responsible for that regardless of how it was made.

Put another way, if LLMs didn’t exist, and they had an intern write the code in this way, I would still call it sketchy. It might also be lazy! But none of us know how it was written, so I’m not going to speculate on that.

[–] criss_cross@lemmy.world 14 points 2 days ago

I would not assume a chatbot app would auto create hooks into a browser like this. That’s not a reasonable assumption to make.

[–] homesweethomeMrL@lemmy.world 7 points 1 day ago

It also uses your credentials to do so and doesn't ask any permissions for any of it including whatever else it wants to do outside the browser sandbox where it lives. Anthropic can easily remedy the situation but they didn't set it up that way. And the question is why.

Not calling it spyware is like not calling McDonald's "food". While technically true, it's just how it works.

I don't think it's actually doing anything nefarious yet. fwiw.

[–] pluge@piefed.social 5 points 1 day ago (1 children)

This is a little disengenuous...the browser extension ≠ the desktop app. Some people install the app and only use the chat feature. Some use cowork but would never want to use the browser extension. Assuming that installing a desktop app means you should also want the browser extension is just bad logic.

[–] terabyterex@lemmy.world 7 points 1 day ago

You cant access the browser unless you insta the extension. The desktop app just places jooks for the extension if it is ever installed. It wont work with out the extension

[–] Epzillon@lemmy.world 0 points 1 day ago (2 children)

Even if this was an opt-in feature the implementation is still terrible and a massive security hole. If id wanted the desktop app entirely and solely for this purpose i still would not expect my browser extension to have full access to my computer. I understand the app does, not the browser extension.

No matter how you twist and turn this situation Anthtopic has still introduced a major security issue in their application. It might be a bit far to call it malware immediately but it sure does open up a massive attack vector to take advantage of.

The fact that the end user is not even informed or have a choice about this makes it all the more problematic and Anthropic not commenting on it makes me think its either intentional or at the very least already known.

[–] terabyterex@lemmy.world 4 points 1 day ago (1 children)

The security issue, as the blog says, is that it trusts any extension with the id. So if you can spoof the extension you have access.

What i was saying is that its not spyware. Which is a different issue.

[–] Epzillon@lemmy.world 1 points 1 day ago (1 children)

Your comment seems very dismissive in the way you phrase this as intended behaviour. A security flaw like this can impossibly be intended behaviour.

In my previous comment i also say thats calling it malware is a bit far-fetched but the security issues are absolutely there and should not be dismissed as "intended behaviour". Especially not by a company like Anthropic.

I am not well versed in extension development but is there anything stopping me from making an open source extension and just defining the ID as one of the three in the article? It most likely couldnt be released via the chrome addon store but if it is installed outside of thar? And how are these IDs read after install, could it potentially be altered by something from the outside?

I immediately see so many flaws with this implementation it is worrying that a company the size of Anthropic does this.

[–] terabyterex@lemmy.world 1 points 1 day ago

There are many flaws. I am in no way cintradicting it or dismissing it.

[–] CanIFishHere@lemmy.ca 0 points 1 day ago (1 children)

Now you're just making stuff up.

[–] Epzillon@lemmy.world 1 points 1 day ago (1 children)

Excuse me if im misunderstanding something but what exactly am i making up?

[–] CanIFishHere@lemmy.ca 1 points 13 hours ago (1 children)

You admit you don't understand extension development, but then present a conspiratorial hypothesis that has zero data to support it. How about the Researcher is wrong and no malware is being installed. Even the headline says 'claims' instead of 'data proves'.

[–] Epzillon@lemmy.world 1 points 6 hours ago

Did i say malware is being installed? And am i not allowed to hypothesize?

I see the security hole. I imagine some ways it could be abused by an attacker. I admit I am not knowledgable in extension development to make it clear those are hypothesized ideas. Hell theyre even phrased like question? I even agree this is not directly malware and that saying so is a stretch.

[–] TacoEvent@lemmy.zip 3 points 2 days ago (1 children)

Side question, are the typos intentional?

[–] FearfulSalad@ttrpg.network 7 points 1 day ago (1 children)

Mobile keyboard without spellcheck, I make thr exact same typos as thst poster with my thick fingers.

[–] ILikeBoobies@lemmy.ca 2 points 1 day ago

Or it's an iPhone, they sometimes don't input pressed letters or input the wrong one.