Fake Claude Code takes the IElevator to your browser secrets
Summary
Attackers are distributing new PowerShell-based malware disguised as a Claude Code installer. The malware targets developers, stealing sensitive data that includes browser encryption material, and uses evasion techniques designed to avoid detection.
IFF Assessment
This article details a new malware campaign that poses a significant threat to developers and their organizations by targeting sensitive assets and employing advanced evasion techniques.
Defender Context
Defenders should be aware of this evolving threat: developers are high-value targets because of their access to critical infrastructure and intellectual property. Monitoring for unusual PowerShell activity, especially activity associated with software installations, and educating developers on safe software acquisition practices are crucial.
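One way to act on that monitoring advice, as an added example that is not part of the original article: a small triage heuristic run over PowerShell ScriptBlock Logging (Event ID 4104) records, flagging scripts that combine an installer lure with access to browser key material (the IElevator / Local State pattern the campaign is named for) or with common evasion tricks. The sample records, the indicator strings, and the scoring threshold are constructed assumptions for illustration, not indicators published with the article.

```python
import re

# Constructed sample records in the shape of PowerShell ScriptBlock Logging
# (Event ID 4104) entries; these are not real telemetry from the campaign.
SAMPLE_EVENTS = [
    {"id": 1, "host": "dev-ws-01",
     "script": "Write-Host 'Claude Code installer'; $s=[Text.Encoding]::UTF8.GetString("
               "[Convert]::FromBase64String($p)); $ls = Get-Content "
               "\"$env:LOCALAPPDATA\\Google\\Chrome\\User Data\\Local State\"; "
               "# app_bound_encrypted_key via IElevator"},
    {"id": 2, "host": "dev-ws-02",
     "script": "Install-Module -Name Pester -Scope CurrentUser -Force"},
    {"id": 3, "host": "build-01",
     "script": "Start-Process -WindowStyle Hidden powershell -EncodedCommand $b"},
]

# Indicator families drawn from the campaign description (assumed patterns):
# an installer lure, browser key-material access, and evasion tricks.
INDICATORS = {
    "lure": [r"claude\s*code", r"installer", r"setup\.exe"],
    "browser_secrets": [r"\bIElevator\b", r"Local State", r"app_bound_encrypted_key",
                        r"ProtectedData\]::Unprotect", r"Login Data"],
    "evasion": [r"FromBase64String", r"-EncodedCommand", r"-WindowStyle\s+Hidden",
                r"-ExecutionPolicy\s+Bypass"],
}


def classify(script: str) -> dict:
    """Return the indicator families matched by one script block (case-insensitive)."""
    hits = {}
    for family, patterns in INDICATORS.items():
        matched = [p for p in patterns if re.search(p, script, re.IGNORECASE)]
        if matched:
            hits[family] = matched
    return hits


def triage(events, min_families: int = 2):
    """Flag events matching at least `min_families` families. A lure combined
    with browser-secret access is the core signal, so it is always flagged."""
    flagged = []
    for ev in events:
        hits = classify(ev["script"])
        core = "lure" in hits and "browser_secrets" in hits
        if core or len(hits) >= min_families:
            flagged.append((ev["id"], ev["host"], sorted(hits)))
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_EVENTS):
        print(item)
```

Lowering `min_families` to 1 also surfaces the hidden-window encoded-command record, at the cost of more noise from legitimate administration scripts.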