SECURITYTHE REGISTER
Cookie thieves caught stealing dev secrets via fake Claude Code installers
A malicious campaign is stealing developers' secrets via fake Claude Code installers, targeting Chromium-based browsers and exfiltrating sensitive data. The attackers abuse the IElevator2 COM interface to decrypt cookies, passwords, and payment methods. The campaign uses a unique payload that doesn't match any documented malware family.
Mentioned