Security researchers have uncovered a previously undocumented attack campaign targeting developers, using a payload that steals passwords, cookies and even payment methods. It combines fake developer tools, including Claude Code installers, with a sneaky method for recovering Chromium-based browser App-Bound Encryption keys. One security expert told me that this threat warrants an immediate and effective actionable response. Another that it highlights the danger of agent-based and manual installation processes. Here’s what you need to know.
Counterfeit Claude Code Installers Abuse Browser IElevator2 COM Interface To Steal Passwords
Google Chrome has 127 new security vulnerabilities, but this isn’t one of them. Indeed, while the world’s most popular web browser has already issued an update to patch those bugs, the high-impact vulnerability uncovered by the Ontinue Cyber Defense Center remains exploitable. Specifically targeting developers, Rhys Downing, a threat researcher at Ontinue, has confirmed that the attack campaign leverages “fake installation pages that mimic popular developer tools, including counterfeit Claude Code installers.” Downing has published a report explaining exactly how one such fake Claude Code installer is able to steal credentials from Chromium-based web browsers, including Chrome.
People who search for “install Claude code” and then select a sponsored result find themselves on what appears to be a legitimate Claude Code installation page, but is nothing of the sort. Instead, it is a lure that displays an installation command that mimics the authentic one-line installer.
“These lures swap legitimate one-line installers for attacker-controlled commands,” Downing warned, adding that it “injects a 4.6 KB native helper into a Chromium-family browser.” This helper then uses the IElevator2 COM interface to call the browser’s own Elevation Service, and from there, recover the critical App-Bound Encryption key. The result is the successful exfiltration of fully decrypted cookies, passwords and payment methods. And, yes, that is as bad as it sounds.
“Developers hold the keys to an organization’s most sensitive assets – intellectual property, cloud infrastructure, CI/CD pipelines,” Vineeta Sangaraju, an AI research engineer at Black Duck, told me, warning that by necessity they also “need the freedom to download and install software.“ And that, dear reader, is what makes them such a high-value target for these kind of attack campaigns. “One compromised developer workstation does not stay contained,” Sangaraju said, “it pivots into source code repositories, into cloud environments, and into downstream software.” Hence the need for an immediate and effective actionable response to this threat. According to Sangaraju the solution is not to be found with blunt-force blocking or adding yet another firewall rule, but rather revisiting detection strategies that account for trusted, native system components being abused. “The research points to concrete controls such as restriction and constant monitoring of PowerShell activity,” Sangaraju said, “detecting obfuscated components in the development chain as well as filtering newly registered domains.” Meanwhile, John Gallagher, vice president of Viakoo Labs, advised that organizations should be focused on having automated methods of rotating credentials across the entire enterprise. “Even if an admin’s browser credentials are stolen,” Gallagher said, “having an automated credential management solution for OT/IoT ensures those passwords are changed frequently and remain compliant, limiting the ‘blast radius’ of a workstation compromise.”
And above all else, only download the installer from the official Claude Code site.
