Claude Code leak used to push infostealer malware on GitHub
Key Points:
- The recent accidental leak of Anthropic's Claude Code source code has been exploited by threat actors using fake GitHub repositories to distribute Vidar information-stealing malware to users seeking the leaked code.
- Anthropic exposed 513,000 lines of unobfuscated TypeScript source code via a 59.8 MB JavaScript source map included in an npm package, revealing sensitive internal details of the Claude Code AI agent.
- Malicious repositories, optimized for search engines, lure users into downloading a Rust-based executable that installs the Vidar infostealer and GhostSocks proxy tool, with updates potentially adding more payloads.
- Researchers from Zscaler identified multiple fake repositories likely operated by the same threat actor experimenting with different malware delivery methods, highlighting ongoing risks despite platform defenses.
- This incident continues a pattern where attackers quickly exploit high-profile leaks or vulnerability disclosures by distributing malicious code disguised as legitimate proof-of-concept exploits or software.
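The second key point describes the root cause: a JavaScript source map shipped inside an npm package, carrying the original TypeScript in its `sourcesContent` field. The pre-publish check below, added here as an illustration and not code from Anthropic, Zscaler or any npm tool, walks a package's publish directory, flags every `.map` file that embeds original source, counts how many source lines it would expose, and lists bundles that point at a map through a `sourceMappingURL` comment. The sample package layout it builds is constructed inline for the demonstration.

```python
"""Audit a package's publish directory for source maps that embed original source.

Added example for this article. It is not code from Anthropic, Zscaler or the
npm project; the sample package it builds below is constructed for the demo.
"""
import json
import os
import re
import tempfile

# Matches the trailing comment bundlers emit to link a bundle to its map.
SOURCEMAP_URL_RE = re.compile(r"^//[#@]\s*sourceMappingURL=(\S+)\s*$", re.MULTILINE)


def inspect_source_map(path):
    """Summarise one .map file: does it carry original sources inline, for how
    many files, and how many source lines would that expose if published."""
    with open(path, "r", encoding="utf-8") as fh:
        data = json.load(fh)
    contents = data.get("sourcesContent") or []
    embedded = [c for c in contents if c]  # null entries mean "not embedded"
    return {
        "map": path,
        "sources": len(data.get("sources", [])),
        "embeds_source": bool(embedded),
        "embedded_lines": sum(c.count("\n") + 1 for c in embedded),
        "size_bytes": os.path.getsize(path),
    }


def audit_publish_dir(root):
    """Walk the directory `npm publish` would pack and report every source map
    plus every bundle that references one via sourceMappingURL."""
    findings = {"maps": [], "bundles_referencing_maps": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.endswith(".map"):
                findings["maps"].append(inspect_source_map(full))
            elif name.endswith((".js", ".mjs", ".cjs")):
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    match = SOURCEMAP_URL_RE.search(fh.read())
                if match:
                    findings["bundles_referencing_maps"].append((full, match.group(1)))
    return findings


def leaks_original_source(findings):
    """True when any map in the package would ship the original source text."""
    return any(m["embeds_source"] for m in findings["maps"])


def build_sample_package():
    """Constructed sample: a minified bundle plus a map that embeds original TS.
    The file names and contents are invented for this example."""
    root = tempfile.mkdtemp(prefix="pkg-")
    dist = os.path.join(root, "dist")
    os.makedirs(dist)
    with open(os.path.join(dist, "cli.js"), "w", encoding="utf-8") as fh:
        fh.write("function a(b){return b+1}\n//# sourceMappingURL=cli.js.map\n")
    src_map = {
        "version": 3,
        "sources": ["../src/cli.ts", "../src/util.ts"],
        "sourcesContent": [
            "export function add(b: number): number {\n  return b + 1;\n}\n",
            "export const INTERNAL_FLAG = true;\n",
        ],
        "mappings": "AAAA",
    }
    with open(os.path.join(dist, "cli.js.map"), "w", encoding="utf-8") as fh:
        json.dump(src_map, fh)
    return root


if __name__ == "__main__":
    report = audit_publish_dir(build_sample_package())
    for entry in report["maps"]:
        print(f"{entry['map']}: embeds_source={entry['embeds_source']} "
              f"lines={entry['embedded_lines']} size={entry['size_bytes']}B")
    for bundle, target in report["bundles_referencing_maps"]:
        print(f"{bundle} -> {target}")
    if leaks_original_source(report):
        raise SystemExit("refusing to publish: source map embeds original source")
```

Run it against the output of `npm pack --dry-run` (or the `files` set in `package.json`) as a CI gate before publishing; a non-zero exit when `sourcesContent` is present is the cheap control that would have caught a map of this kind, and the line count gives reviewers a sense of how much would have shipped.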