Researchers discovered a malicious repository disguised as leaked Claude Code source code, containing credential-stealing malware. The malware, found in a .7z archive, drops Vidar and GhostSocks to steal data and control infected devices. The incident highlights how quickly cybercriminals exploit popular news and products for scams.
Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.
Zscaler's ThreatLabz researchers came across the repo while monitoring GitHub for threats, and said it's disguised as leaked TypeScript source code for Anthropic's Claude Code CLI.
"The README file even claims the code was exposed through a .map file in the npm package and then rebuilt into a working fork with 'unlocked' enterprise features and no message limits," the security sleuths said.
They added that the GitHub repository link appeared near the top of Google results for searches like "leaked Claude Code." While that was no longer the case at the time of publication, at least two of the developer's trojanized Claude Code source leak repos remained on GitHub, and one of them had 793 forks and 564 stars.
The malicious .7z archive in the repository's releases section is named Claude Code - Leaked Source Code, and it includes a Rust-based dropper named ClaudeCode_x64.exe. Once it's executed, the malware drops Vidar v18.7 and GhostSocks onto users' machines, and then the Vidar stealer gets to work collecting sensitive data while GhostSocks turns infected devices into
Both of these illustrate how quickly criminals move to take a buzzy new product or news event and then abuse it for online scams and financial gain.
"That kind of rapid movement increases the chance of opportunistic compromise, especially through trojanized repositories," the Zscaler team wrote.
The blog also includes a list of indicators of compromise, including the GitHub repositories with the trojanized Claude Code leak and malware hashes to help defenders in their threat-hunting efforts, so be sure to check that out - and, as always, be careful what you download.
