When a Seattle-based backend developer — who asked to be identified only by his GitHub handle, dstroud — searched for “Claude Code installation guide” in late March, the top sponsored result on Google looked perfectly legitimate. He clicked, downloaded what appeared to be an installer package, and ran it. Within 90 seconds, an infostealer had harvested his browser session tokens, SSH keys, and cre...
