Menace actors are exploiting the latest Claude Code supply code leak through the use of faux GitHub repositories to ship Vidar information-stealing malware.
Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding duties straight within the terminal and act as an autonomous agent, able to direct system interplay, LLM API name dealing with, MCP integration, and protracted reminiscence.
On March 31, Anthropic unintentionally uncovered the complete client-side supply code of the brand new instrument through a 59.8 MB JavaScript supply map included by chance within the revealed npm bundle.
The leak contained 513,000 strains of unobfuscated TypeScript throughout 1,906 recordsdata, revealing the agent’s orchestration logic, permissions, and execution techniques, hidden options, construct particulars, and security-related internals.
The uncovered code was quickly downloaded by a lot of customers and revealed on GitHub, the place it was forked hundreds of occasions.
In response to a report from cloud safety firm Zscaler, the leak created a possibility for menace actors to ship the Vidar infostealer to customers on the lookout for the Claude Code leak.
The researchers discovered {that a} malicious GitHub repository revealed by person “idbzoomh” posted a faux leak and marketed it as having “unlocked enterprise options” and no utilization restrictions.
Supply: Zscaler
To drive as a lot site visitors to the bogus leak, the repository is optimized for engines like google and is proven among the many first outcomes on Google Search for queries like “leaked Claude Code.”
Supply: Zscaler
In response to the researchers, curious customers obtain a 7-Zip archive that incorporates a Rust-based executable named ClaudeCode_x64.exe. When launched, the dropper deploys Vidar, a commodity info stealer, together with the GhostSocks community site visitors proxying instrument.
Zscaler found that the malicious archive is up to date ceaselessly, so different payloads could also be added in future iterations.
The researchers additionally noticed a second GitHub repository with an identical code, however it as a substitute reveals a ‘Obtain ZIP’ button that wasn’t purposeful on the time of research. Zscaler estimates it’s operated by the identical menace actor who probably experiments with supply methods.
Supply: Zscaler
Regardless of the platform’s defenses, GitHub has usually been used to distribute malicious payloads disguised in varied methods.
In campaigns in late 2025, menace actors focused inexperienced researchers or cybercriminals with repositories claiming to host proof-of-concept (PoC) exploits for lately disclosed vulnerabilities.
Traditionally, attackers had been fast to capitalize on broadly publicized occasions within the hope of opportunistic compromises.
Automated pentesting proves the trail exists. BAS proves whether or not your controls cease it. Most groups run one with out the opposite.
This whitepaper maps six validation surfaces, reveals the place protection ends, and offers practitioners with three diagnostic questions for any instrument analysis.
