The recent Claude Code source code leak is now being exploited by threat actors, who are using fake GitHub repositories to deliver infostealer malware to users searching for the leaked code.
Claude Code is a terminal-based AI agent designed to execute coding tasks and automate development workflows. On March 31, Anthropic unintentionally published a version of the tool to npm that included a large JavaScript source map file.
Because the file embedded the original TypeScript sources, it allowed anyone to reconstruct nearly the entire codebase. The leak reportedly exposed hundreds of thousands of lines of code and internal implementation details before the package was removed.
Although Anthropic clarified that no customer data, credentials, or secrets were exposed and described the incident as a packaging error rather than a breach, the leaked code spread rapidly across GitHub.
Developers began analyzing the repository for undocumented features and insights into how the agent operates. This widespread attention also created an opportunity for malicious actors. Security researchers observed attackers publishing fake GitHub repositories claiming to host the leaked Claude Code or modified versions with unlocked enterprise features.
Malicious GitHub Repository
Credit – Zscaler
These repositories were designed to appear legitimate and were optimized to rank highly in search results for users looking for the leak.
Instead of providing the promised files, the repositories directed users to download compressed archives containing a malicious executable. When launched, the program installs Vidar, a well-known information-stealing malware. Infostealers like Vidar are designed to harvest sensitive data from infected systems, including saved browser credentials, cookies, cryptocurrency wallet data, and system information.
In this campaign, the malware was reportedly bundled with additional tooling that can proxy network traffic, potentially allowing attackers to maintain access or route malicious activity through compromised machines.
The malicious repositories are actively distributing malware disguised as Claude Code, and researchers have noted multiple versions appearing online. Users are advised to avoid downloading the tool from unofficial sources and to verify any repositories before running executables.
About the author:
