Malware Attack - Users Download Fake Claude Code Source

Basically, people tried to download software but got harmful malware instead.
A recent malware attack tricked users into downloading fake Claude Code source. Thousands were affected by credential-stealing malware. Always verify your downloads to stay safe.
What Happened
This week, a massive wave of downloads for the leaked Claude Code source code turned into a nightmare for many users. Instead of legitimate software, they unknowingly downloaded malware. The malicious repository, hosted on GitHub by a user named idbzoomh, used the excitement around the leaked code as bait to distribute harmful software.
How It Works
The repository was disguised as the TypeScript source code for Anthropic's Claude Code CLI. It included a README file claiming the code was exposed through a .map file and had been rebuilt with 'unlocked' features. This deceptive tactic led many to believe they were accessing a valuable resource.
Who's Being Targeted
Tens of thousands of eager developers and tech enthusiasts searching for the leaked Claude Code fell victim to this malware. The GitHub repository was prominently featured in search results for terms like "leaked Claude Code," making it easy for unsuspecting users to stumble upon it.
Signs of Infection
Once users downloaded the malicious .7z archive named "Claude Code - Leaked Source Code," they unwittingly executed a Rust-based dropper named ClaudeCode_x64.exe. This dropper installed Vidar, an infostealer that collects sensitive information like account credentials and credit card data, alongside GhostSocks, which turns infected devices into proxy servers for cybercriminals.
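A quick triage sweep for the two file names mentioned above, as an added example that is not part of the original article or any vendor tooling. It matches on name only (the article gives no hashes), then records each hit's file type from its magic bytes and its SHA-256 so the file can be reported or looked up; the function names and the choice to scan the home directory are assumptions.

```python
import hashlib
import os

# File names taken from the article; matching is case-insensitive.
DROPPER_NAME = "claudecode_x64.exe"
ARCHIVE_STEM = "claude code - leaked source code"

# Leading-byte signatures used to confirm what a name match actually is.
MAGIC = {b"MZ": "PE executable", b"7z\xbc\xaf\x27\x1c": "7z archive"}


def identify(path):
    """Return a file type based on the first bytes, or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(6)
    for sig, label in MAGIC.items():
        if head.startswith(sig):
            return label
    return "unknown"


def sha256_of(path):
    """Hash in chunks so large archives are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root):
    """Walk root and return (path, file type, sha256) for each name match."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            # startswith also catches browser renames such as "name (1).7z".
            is_archive = ext == ".7z" and stem.startswith(ARCHIVE_STEM)
            if name.lower() == DROPPER_NAME or is_archive:
                path = os.path.join(folder, name)
                try:
                    hits.append((path, identify(path), sha256_of(path)))
                except OSError:
                    hits.append((path, "unreadable", None))
    return hits


if __name__ == "__main__":
    for hit in sweep(os.path.expanduser("~")):
        print(*hit, sep="\t")
```

An empty result only means these names are absent under the scanned directory; a renamed copy would not match, so a full antivirus scan is still needed.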
How to Protect Yourself
To safeguard against such attacks, users should:
- Verify Sources: Always check the authenticity of repositories and their maintainers before downloading.
- Use Security Tools: Employ security software that can detect and block malware.
- Stay Informed: Follow cybersecurity news to learn about emerging threats and tactics used by cybercriminals.
What You Should Do
If you suspect you have downloaded the malicious files, immediately:
- Disconnect from the internet to prevent further data theft.
- Run a full system scan with an updated antivirus program.
- Change passwords for any accounts that may have been compromised.
This incident serves as a stark reminder of the dangers lurking in seemingly innocent downloads. As cybercriminals continue to exploit trending topics, staying vigilant and informed is crucial for online safety.