{"data":{"id":"f1741415-fc43-4b22-acc9-6444a38562e8","title":"Fake Claude Code takes the IElevator to your browser secrets","summary":"Attackers are distributing fake Claude Code installers that deliver malware built to steal sensitive data from developer systems while evading detection and recovering browser encryption keys. The malware uses a PowerShell loader (a script-based delivery method) to hide its malicious activity and exploits the Chrome Elevation Service (exposed through the IElevator COM interface) to bypass Application-Bound Encryption (ABE, a Chrome protection added in version 127 to prevent password and cookie theft).","solution":"Ontinue researchers shared a YARA ruleset (pattern-matching rules used to identify malware) and indicators of compromise (IOCs, technical artifacts that point to malicious activity) through GitHub repositories to support detection.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4169992/fake-claude-code-takes-the-ielevator-to-your-browser-secrets.html","publishedAt":"2026-05-12T11:32:37.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Code","Google Chrome"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-12T11:32:37.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}