Claude Code Leak - Infostealer Malware Delivered via GitHub

Basically, hackers are using a leaked AI tool's code to trick people into downloading malware.
A recent leak of Claude Code's source code is being exploited by hackers to distribute Vidar malware through fake GitHub repositories. Users searching for the leak are at high risk of infection. Stay informed and cautious to avoid downloading malicious software.
What Happened
Recently, the source code for Claude Code, an AI terminal agent developed by Anthropic, was accidentally leaked. This leak occurred when a 59.8 MB JavaScript source map was included in a published npm package. The exposed code included 513,000 lines of TypeScript, revealing sensitive orchestration logic and security features.
In the wake of this leak, threat actors have taken advantage by creating fake GitHub repositories that claim to host the leaked code. These repositories are designed to attract users searching for the Claude Code leak, ultimately delivering Vidar, an information-stealing malware.
Who's Affected
The primary targets of this attack are users who are curious about the leaked Claude Code. Many individuals, including developers and researchers, may be searching for the code out of interest or for legitimate purposes. However, they are at risk of downloading malicious software instead.
How It Works
The malicious GitHub repository, created by a user identified as "idbzoomh," promotes a fake leak that claims to offer unlocked enterprise features. It is optimized for search engines, ensuring it appears at the top of search results for queries related to the leaked code. When users download the 7-Zip archive, they receive a Rust-based executable named ClaudeCode_x64.exe. Launching this executable installs Vidar, along with the GhostSocks proxy tool, on the user's system.
Signs of Infection
Users may notice unusual behavior on their systems after executing the downloaded file. Signs include unexpected network activity, slow system performance, and unauthorized access to sensitive data. If you suspect infection, it's crucial to act quickly.
How to Protect Yourself
To avoid falling victim to this scheme, follow these precautions:
- Verify Sources: Always download software from official and reputable sources.
- Use Antivirus Software: Ensure your antivirus is up to date and running.
- Be Cautious with Archives: Be wary of downloading executable files from unknown or suspicious repositories.
- Monitor Network Activity: Keep an eye on your network for any unusual activity that may indicate malware presence.
Conclusion
This incident underscores the importance of vigilance when exploring new software, especially following a high-profile leak. As threat actors continue to exploit public interest in such incidents, users must remain cautious and informed to protect themselves from malware attacks.