{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigkbunqviskji4n4yc625ldohvdlllfyagl36ah57yngbjqv4bzwu",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mgfd5xc6ubl2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifsrnbvtzcmqsm6ii63lkpfcqfovqzz6loxpzi6mrxf4kb2prx62m"
    },
    "mimeType": "image/jpeg",
    "size": 56454
  },
  "path": "/fake-claude-code-download-pages-push-mshta-infostealer-at-developers-researchers-warn/",
  "publishedAt": "2026-03-06T08:53:16.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Fake Claude Code download pages push MSHTA infostealer at developers, researchers warn",
    "VPN Central"
  ],
  "textContent": "Threat actors have started abusing fake “Claude Code” download pages to infect developers and IT professionals with an infostealer. The sites imitate legitimate Anthropic branding and install guidance, then lead victims into launching Windows mshta.exe to execute a remotely hosted HTA payload that steals credentials, browser data, and session tokens. Researchers describe this as a […]\n\nThe post Fake Claude Code download pages push MSHTA infostealer at developers, researchers warn appeared first on VPN Central.",
  "title": "Fake Claude Code download pages push MSHTA infostealer at developers, researchers warn"
}