Undocumented Information Stealer Targets Developers Through Malicious Install Pages
A newly identified information stealer has surfaced, exploiting fake installation pages for Claude Code to infiltrate systems. This sophisticated attack involves hijacking Chromium-based browsers, effectively bypassing App-Bound Encryption to extract crucial information such as cookies, passwords, and payment data from developer workstations.
The campaign was first detailed on May 11 by Ontinue’s Cyber Defense Center, which traced the operation back to three operator-controlled domains registered within a span of six days in April 2026. Victims typically reached the deceptive pages after clicking sponsored search results for queries such as “install claude code.”
The fraudulent page closely mirrored the design of the legitimate Claude Code documentation, giving it an air of authenticity that lulled users into a false sense of security. Instead of genuine installation instructions, however, it presented an install command in which the download URL pointed to an attacker-controlled domain rather than the canonical Anthropic host.
When the /install.ps1 file was fetched from this malicious domain, victims unwittingly received code that closely resembled the real installer. The crafted file led automated URL scanners to see an entirely legitimate PowerShell script, even as it covertly sent the actual execution path to malicious endpoints.
A Native Helper Engineered for Stealth
Once executed, the altered command fetched a heavily obfuscated PowerShell loader, roughly 600 KB in size. This loader was further designed to enumerate several Chromium-family browsers, which include popular names such as Chrome, Edge, Brave, Vivaldi, and others. The loader then reflectively injected a small 4608-byte native helper into an active browser process.
The function of this native helper is notably sinister; it employs the browser’s IElevator2 COM interface—introduced in Chrome version 144—to retrieve the App-Bound Encryption key. This method mirrors tactics employed in the Glove Stealer incident documented in late 2024 but diverges in execution and design, showcasing the attackers’ adaptability.
Notably, Ontinue, a company specializing in AI-driven managed Security Operations Center (SOC) services, pointed out that the native helper does not reveal its presence through network, file, or cryptographic imports. Instead, all detectable activities, such as accessing SQLite databases, constructing archives, and exfiltration over HTTPS, remained confined within the PowerShell environment, as if intentionally designed to evade detection by behavioral rules that typically analyze native binaries in isolation.
Developer Workstations: A Prime Target
Evidence compiled by Ontinue places the development of this malicious code within 60 days following the release of Chrome 144 in January 2026. This timeline indicates an ongoing development effort geared specifically towards keeping pace with updates in Chromium. However, a critical error found within the code—a transcription mistake in the embedded Edge IElevator2 IID—causes the initial invocation to fail silently, prompting a fallback to an older version of the IElevator interface. This flaw might inadvertently serve as a high-confidence detection signature for cybersecurity defenders.
The loader establishes longevity within the target system by creating a Windows scheduled task that connects to the operator’s command and control (C2) server every minute. Notably, if the machine’s geographic location aligns with regions such as Iran, Russia, or other Commonwealth of Independent States (CIS) member countries, the code terminates itself early to avoid detection.
Vineeta Sangaraju, an AI research engineer at Black Duck, stressed why developer workstations draw this kind of attention: they represent a high-value pivot point within organizations. “Developers hold the keys to an organization’s most sensitive assets—intellectual property, cloud infrastructure, and continuous integration/continuous deployment (CI/CD) pipelines,” she commented. The compromise of a single developer workstation can have cascading effects, giving attackers a path into source code repositories, cloud environments, and downstream software.
In light of these developments, Ontinue urges organizations and their cybersecurity teams to implement stringent measures, including enforcing PowerShell Constrained Language Mode, enabling script block logging, and applying web content filtering against newly registered domains. By adopting these proactive measures, companies can better equip themselves to defend against such increasingly sophisticated and targeted attacks, safeguarding their sensitive information and intellectual property against evolving threats in the cybersecurity landscape.
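The following PowerShell is an added example for defenders, not code from the Ontinue report or the campaign itself. It implements checks that follow from the report's findings: a hunt for scheduled tasks that repeat every minute and launch PowerShell (the beaconing behaviour described above), a check of the current session's language mode, enabling script block logging through the documented policy registry key, and a search of recent script block events (ID 4104) for remote install.ps1 download-and-run patterns. Function names, the `install\.ps1` match pattern, and the choice of indicators are this example's own assumptions; the real operator domains are not on the page, so no domain list is included.

```powershell
# Added example (not from the Ontinue report). Run in an elevated PowerShell
# session on the host being reviewed. All function names are this example's own.

# 1. Hunt for scheduled tasks that fire every minute and run PowerShell.
#    Task names used by the loader are not published, so match on the trigger
#    repetition interval (ISO 8601 "PT1M") and on the action instead.
function Find-SuspiciousBeaconTasks {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        $minuteTrigger = $task.Triggers | Where-Object {
            $_.Repetition -and $_.Repetition.Interval -eq 'PT1M'
        }
        $psAction = $task.Actions | Where-Object {
            $_.Execute -and $_.Execute -match '(?i)powershell|pwsh'
        }
        if ($minuteTrigger -and $psAction) {
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                State     = $task.State
                Execute   = ($psAction | Select-Object -First 1).Execute
                Arguments = ($psAction | Select-Object -First 1).Arguments
            }
        }
    }
}

# 2. Report the language mode of the current session. Constrained Language Mode
#    is enforced via AppLocker/WDAC policy (or the __PSLockdownPolicy environment
#    variable in a lab); this only shows what this session actually received.
function Get-LanguageModeStatus {
    $mode = $ExecutionContext.SessionState.LanguageMode
    [pscustomobject]@{
        LanguageMode = $mode
        Constrained  = ($mode -eq 'ConstrainedLanguage')
    }
}

# 3. Enable script block logging so de-obfuscated blocks of a loader are written
#    to Microsoft-Windows-PowerShell/Operational as event ID 4104 when they run.
function Enable-ScriptBlockLogging {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
}

# 4. Search recent 4104 events for script text that downloads and runs a remote
#    install.ps1, the staging step the report describes. The filename pattern is
#    this example's assumption; extend it with indicators from your own intel.
function Find-RemoteInstallScriptBlocks {
    param([int]$MaxEvents = 500)
    $downloadVerbs = '(?i)\birm\b|\biwr\b|Invoke-RestMethod|Invoke-WebRequest|DownloadString'
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'install\.ps1' -and $_.Message -match $downloadVerbs } |
    Select-Object TimeCreated,
        @{ n = 'Snippet'; e = { (($_.Message -split "`n") | Select-Object -First 4) -join ' ' } }
}

Find-SuspiciousBeaconTasks | Format-Table -AutoSize
Get-LanguageModeStatus
Find-RemoteInstallScriptBlocks | Format-Table -AutoSize
```

Enable-ScriptBlockLogging is deliberately not called at the bottom: the registry key is a policy setting, so in a managed estate it belongs in Group Policy or Intune rather than a one-off script, and on an unmanaged host you would call it explicitly after confirming 4104 events are being forwarded to your log pipeline.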