Malware & Ransomware · HIGH

Claude Code Source Leak - Malware Exploits Developers' Trust

Help Net Security
Tags: Claude Code · Anthropic · Vidar · GhostSocks · Zscaler
🎯 Basically, hackers used leaked code to trick developers into downloading harmful software.

Quick Summary

A source code leak of Anthropic's Claude Code tool has led to malware disguised as 'unlocked' software. Developers are at risk of downloading harmful files. Stay vigilant and verify sources to protect against these threats.

What Happened

On March 31, 2026, a significant source code leak involving Anthropic’s Claude Code tool was discovered. Security researcher Chaofan Shou identified the leak, which exposed around 513,000 lines of unobfuscated TypeScript across 1,906 files. This leak quickly became a cybersecurity threat as attackers exploited the situation to distribute malware.

How It Works

The leaked source code was soon mirrored on GitHub, where it was presented as an 'unlocked' version of Claude Code. A repository titled “Leaked Claude Code” was created by a user named idbzoomh1. Its README claimed the material had been reconstructed from a .map file embedded in an npm package and offered features that bypassed normal restrictions. The repository also included a malicious archive named “Claude Code – Leaked Source Code” (a .7z file) containing a Rust-based dropper executable.

Who's Being Targeted

Developers searching for the leaked Claude Code are the primary targets of this malware campaign. As the tool gained popularity, scammers capitalized on the interest, creating fake repositories and install pages that appeared legitimate. The malicious repository even topped Google search results for users seeking the leaked software, making it highly accessible to unsuspecting developers.

Signs of Infection

The malicious executable, ClaudeCode_x64.exe, drops two harmful components upon execution: Vidar v18.7, an information stealer, and GhostSocks, which proxies network traffic. Users who inadvertently downloaded and executed this file risk exposing sensitive information and compromising their systems.
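As an added illustration (not from the original article), the following Python snippet shows how a defender could triage endpoint telemetry for the two file names the article gives: the lure archive and the ClaudeCode_x64.exe dropper. The event format and the sample events are constructed; the classification rules are an assumption, and a name match is a hunting lead to confirm with real indicators, not proof of compromise.

```python
"""Triage constructed endpoint events for the lure described above.

Only the two names reported in the article are used as indicators.
"""
from collections import defaultdict
from typing import Optional

# Indicator strings taken from the article, compared case-insensitively.
ARCHIVE_MARKER = "leaked source code"   # "Claude Code – Leaked Source Code" (.7z)
DROPPER_NAME = "claudecode_x64.exe"

# Constructed sample telemetry in a simplified "time|type|host|path" form (not real logs).
SAMPLE_EVENTS = """\
2026-04-01T09:12:03Z|FileCreate|dev-laptop-07|C:\\Users\\dev\\Downloads\\Claude Code - Leaked Source Code.7z
2026-04-01T09:12:40Z|FileCreate|dev-laptop-07|C:\\Users\\dev\\Downloads\\Claude Code - Leaked Source Code\\ClaudeCode_x64.exe
2026-04-01T09:13:02Z|ProcessCreate|dev-laptop-07|C:\\Users\\dev\\Downloads\\Claude Code - Leaked Source Code\\ClaudeCode_x64.exe
2026-04-01T09:15:11Z|ProcessCreate|build-01|C:\\Program Files\\nodejs\\node.exe
2026-04-01T10:02:55Z|FileCreate|dev-laptop-12|C:\\Users\\qa\\Downloads\\Claude Code - Leaked Source Code.7z
"""

# Verdicts ordered from lowest to highest severity (assumed ordering).
SEVERITY = ["lure_archive", "dropper_on_disk", "dropper_executed"]

def classify_event(event_type: str, path: str) -> Optional[str]:
    """Map one event to an indicator category, or None if nothing matches."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]          # file name component of a Windows path
    if base == DROPPER_NAME:
        return "dropper_executed" if event_type == "ProcessCreate" else "dropper_on_disk"
    if ARCHIVE_MARKER in low and low.endswith(".7z"):
        return "lure_archive"
    return None

def triage(events_text: str) -> dict:
    """Return the highest-severity verdict per host; hosts with no match are omitted."""
    seen = defaultdict(set)
    for line in events_text.splitlines():
        if not line.strip():
            continue
        _time, event_type, host, path = line.split("|", 3)
        category = classify_event(event_type, path)
        if category:
            seen[host].add(category)
    return {host: max(cats, key=SEVERITY.index) for host, cats in seen.items()}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {verdict}")   # dev-laptop-07 should surface as dropper_executed
```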

How to Protect Yourself

To safeguard against this threat, developers should:

  • Avoid downloading any code from unofficial sources claiming to be the leaked Claude Code.
  • Verify all software against Anthropic’s official channels.
  • Stay informed about indicators of compromise linked to this campaign, as shared by security researchers.

Conclusion

This incident underscores the importance of vigilance in the cybersecurity landscape. The allure of popular tools can lead to dangerous exploits, making it crucial for developers to exercise caution when navigating online resources. By adhering to best practices and verifying sources, developers can protect themselves from falling victim to such malware campaigns.

🔒 Pro insight: The rapid exploitation of this leak highlights the need for developers to prioritize source verification and security hygiene.

Original article from Help Net Security · Sinisa Markovic
