They thought they were downloading Claude Code source. They got a nasty dose of malware instead
Source code with a side of Vidar stealer and GhostSocks
Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.
A malicious GitHub repository published by idbzoomh uses the Claude Code exposure as a lure to trick people into downloading malware, including Vidar, an infostealer that snarfs account credentials, credit card data, and browser history; and GhostSocks, which is used to proxy network traffic.
Zscaler's ThreatLabz researchers came across the repo while monitoring GitHub for threats, and said it's disguised as leaked TypeScript source code for Anthropic's Claude Code CLI.
"The README file even claims the code was exposed through a .map file in the npm package and then rebuilt into a working fork with 'unlocked' enterprise features and no message limits," the security sleuths said in a Thursday blog.
They added that the GitHub repository link appeared near the top of Google results for searches like "leaked Claude Code." While that was no longer the case at The Register's time of publication, at least two of the developer's trojanized Claude Code source leak repos remained on GitHub, and one of them had 793 forks and 564 stars.
The malicious .7z archive in the repository's releases section is named "Claude Code - Leaked Source Code," and it includes a Rust-based dropper named ClaudeCode_x64.exe.
Once executed, the malware drops Vidar v18.7 and GhostSocks onto users' machines. The Vidar stealer then gets to work collecting sensitive data, while GhostSocks turns infected devices into proxy infrastructure that criminals can use to mask their true online location and carry out additional activity through compromised computers.
In March, security shop Huntress warned about a similar malware campaign using OpenClaw, the already risky AI agent platform, as a GitHub lure to deliver the same two payloads.
Both campaigns illustrate how quickly criminals seize on a buzzy new product or news event (like OpenClaw and the Claude Code leak) and abuse it for online scams and financial gain. "That kind of rapid movement increases the chance of opportunistic compromise, especially through trojanized repositories," the Zscaler team wrote.
The blog also includes a list of indicators of compromise, including the GitHub repositories with the trojanized Claude Code leak and malware hashes to help defenders in their threat-hunting efforts, so be sure to check that out - and, as always, be careful what you download. ®
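A triage check for a download that claims to be source code, added here as an example (not code from The Register or Zscaler): it flags the two file names the article reports, any Windows PE executable regardless of its name, and any file whose SHA-256 is on a list you supply. `KNOWN_BAD_SHA256` is an empty placeholder to be filled from the published IoC list, the `.7z` suffix on the archive name is assumed, and the sample files are constructed header-only stubs.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

# Names reported in the article, lower-cased; ".7z" suffix on the archive is assumed.
LURE_NAMES = {
    "claudecode_x64.exe": "reported dropper",
    "claude code - leaked source code.7z": "reported archive",
}
# Placeholder: fill with SHA-256 values from the vendor's published IoC list.
KNOWN_BAD_SHA256 = frozenset()

def is_pe(data):
    """True for an MZ header whose e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def triage(root, known_bad=KNOWN_BAD_SHA256):
    """Return {relative path: [reasons]} for suspicious files under root."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        data = p.read_bytes()  # whole-file read; stream instead for huge files
        reasons = []
        if p.name.lower() in LURE_NAMES:
            reasons.append("name matches " + LURE_NAMES[p.name.lower()])
        if is_pe(data):
            reasons.append("PE executable inside a source download")
        if hashlib.sha256(data).hexdigest() in known_bad:
            reasons.append("SHA-256 on IoC list")
        if reasons:
            findings[p.relative_to(root).as_posix()] = reasons
    return findings

def build_constructed_sample(root):
    """Constructed stand-ins: header bytes only, nothing that can execute."""
    (Path(root) / "src").mkdir()
    (Path(root) / "src" / "cli.ts").write_text("export const main = () => 0;\n")
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    (Path(root) / "ClaudeCode_x64.exe").write_bytes(stub)
    (Path(root) / "renamed.bin").write_bytes(stub)  # a rename does not hide a PE

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_constructed_sample(d)
        print(triage(d))
```

Run `triage()` on the extracted directory before opening anything in it; a genuine TypeScript source tree has no reason to contain a native Windows executable.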
The Register AI/ML
https://go.theregister.com/feed/www.theregister.com/2026/04/02/trojanized_claude_code_leak_github/
