Cookie Thieves Target Developers via Fake Claude Code Installers
A new campaign is targeting developers with fake Claude Code installers that exfiltrate cookies, passwords, and payment data from their machines.
A malicious campaign is actively targeting software developers by distributing fake installers for popular coding tools, including Claude Code. Researchers at Ontinue found that the lures mimic legitimate one-line installation commands but point to an attacker-controlled host, from which the victim downloads malicious payloads [The Register].
The malware is designed to exfiltrate sensitive information from the developer's machine, specifically targeting decrypted cookies, saved passwords, and payment methods. By compromising these development environments, attackers gain the ability to access internal systems, source code repositories, and other high-value infrastructure [The Register].
Developers are advised to exercise extreme caution when executing one-line installers from the internet and to verify the destination URLs before running any commands. Organizations should implement strict endpoint security controls and monitor for unauthorized access to developer workstations. This campaign highlights the ongoing threat to the software supply chain and the importance of securing developer-centric tools [The Register].
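One way to act on the advice to verify destination URLs is to check a pasted one-liner before it reaches a shell. The following is an added example, not code from the article or from Ontinue; the function name, the trusted host `install.example.com` and the sample commands in the test are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: hosts your organization has vetted for installer downloads.
# Placeholder value; replace it with the vendor domains you actually trust.
TRUSTED_HOSTS = {"install.example.com"}

# Pull every http(s) URL out of a shell or PowerShell one-liner.
URL_RE = re.compile(r"https?://[^\s'\"|;)<>]+", re.IGNORECASE)


def review_installer_command(command, trusted_hosts=TRUSTED_HOSTS):
    """Return findings about the download destinations in a pasted command.

    An empty list means every URL is HTTPS and its host is on the trusted list.
    """
    findings = []
    urls = URL_RE.findall(command)
    if not urls:
        findings.append("no URL found; destination cannot be verified")
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append(f"{url}: not HTTPS")
        # "https://trusted@other-host/..." connects to other-host, not trusted.
        if parts.username is not None:
            findings.append(f"{url}: userinfo before '@' hides real host {host}")
        try:
            ipaddress.ip_address(host)
            findings.append(f"{url}: raw IP address instead of a domain")
        except ValueError:
            pass  # host is a name, not an IP literal
        if host.startswith("xn--") or ".xn--" in host:
            findings.append(f"{url}: punycode host, possible look-alike domain")
        # Exact match only, so "install.example.com.evil.test" does not pass.
        if host not in trusted_hosts:
            findings.append(f"{url}: host {host} is not on the trusted list")
    return findings
```

A clean result only confirms where the download comes from; saving the script to a file and reading it before execution is still the safer workflow than piping it into a shell.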