> Interestingly, the malware checks for the presence of Claude Code CLI or Gemini CLI on the system to offload much of the fingerprintable code to a prompt.
Can anyone explain this? Why is it an advantage?
replies(3):
The cc/geminicli were just an obfuscation method to basically run a find [...] > dump.txt
Oh, and static analysis tools might flag any code with find .env .wallet (whatever)... but they might not (yet) flag prompts :)