Skip to content
The Nexus
SECURITYMay 11 · 20:21 UTCTHE REGISTER

Cookie thieves caught stealing dev secrets via fake Claude Code installers

A malicious campaign is stealing developers' secrets via fake Claude Code installers, targeting Chromium-based browsers and exfiltrating sensitive data. The attackers abuse the IElevator2 COM interface to decrypt cookies, passwords, and payment methods. The campaign uses a unique payload that doesn't match any documented malware family.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this