Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware.

Claude Code is a terminal-based AI agent from Anthropic designed to execute coding tasks directly in the terminal and act as an autonomous agent capable of direct system interaction, LLM API call handling, MCP integration, and persistent memory.

On March 31, Anthropic accidentally exposed the full client-side source code of the new tool via a 598 MB JavaScript source map included by accident in the published npm package.

The leak contained 513,000 lines of unobfuscated TypeScript across 1,906 files, revealing the agent's orchestration logic, permissions and execution systems, hidden features, build details, and security-related internals.

The exposed code was rapidly downloaded by a large number of users and published on GitHub, where it was forked thousands of times.

According to a report from cloud security company Zscaler, the leak created an opportunity for threat actors to deliver the Vidar infostealer to users looking for the Claude Code leak.

The researchers found that a malicious GitHub repository published by the user "idbzoomh" posted a fake leak and advertised it as having unlocked enterprise features and no usage restrictions.

To drive as much traffic as possible to the bogus leak, the repository is optimized for search engines and is shown among the first results on Google Search for queries like "leaked Claude Code".

According to the researchers, curious users download a 7-Zip archive that contains a Rust-based executable (ClaudeCodex64.exe). When launched, the dropper deploys Vidar, a commodity information stealer, along with the GhostSocks network traffic proxying tool.

Zscaler discovered that the malicious archive is updated frequently, so other payloads may be added in future iterations.

The researchers also spotted a second GitHub repository with identical code, but it instead shows a "Download ZIP" button that wasn't functional at the time of analysis. Zscaler estimates it is operated by the same threat actor, who is likely experimenting with delivery strategies.

Despite the platform's defenses, GitHub has often been used to distribute malicious payloads disguised in various ways.

In campaigns in late 2025, threat actors targeted inexperienced researchers or cybercriminals with repositories claiming to host proof-of-concept (PoC) exploits for recently disclosed vulnerabilities.

Historically, attackers were quick to capitalize on widely publicized events in the hope of opportunistic compromises.
Honestly, I didn't believe the source code had actually leaked until April 2nd; it all seemed like misinformation at first. But the number of people who ended up downloading malware in the process is staggering.

Then there's that GitHub repo sitting at 100k stars claiming to have rewritten the whole thing in Python/Rust within hours. And people just trust it enough to download and run it. That's a hard pass for me. "Just trust us, we rewrote everything" is not exactly a convincing security guarantee.

The real issue runs deeper than this incident, though. The AI space moves so fast that everything feels new and exciting, and that FOMO makes people throw caution out the window. Only time and proper scrutiny will separate the legitimate projects from the opportunistic ones.

Copyright 2003-2026 Bleeping Computer LLC. All Rights Reserved.