Developers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware.
According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is designed to evade detection, recover browser encryption material, and steal sensitive data from developer systems.
“Developers hold the keys to an organization’s most sensitive assets – intellectual property, cloud infrastructure, CI/CD pipelines,” said Vineeta Sangaraju, AI Research Engineer at Black Duck. “They also, by necessity, need the freedom to download and install software. That combination makes them a high-...