Full Report
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]
Analysis Summary
# Incident Report: Exploitation of Claude Code Leak to Distribute Vidar Malware
## Executive Summary
Threat actors are capitalizing on the accidental source code leak of Anthropic’s "Claude Code" tool to distribute Vidar information-stealing malware via fraudulent GitHub repositories. By SEO-optimizing repositories that promise "unlocked enterprise features," attackers lure developers and researchers into downloading a malicious Rust-based dropper. The campaign effectively weaponizes developer interest in AI internals to compromise systems with infostealers and proxy tools.
## Incident Details
- **Discovery Date:** April 2, 2026 (Reported by Zscaler)
- **Incident Date:** March 31, 2026 (Initial leak) - Ongoing
- **Affected Organization:** Users/Developers seeking the Claude Code leak
- **Sector:** Technology / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** March 31, 2026
- **Vector:** Phishing via SEO-poisoned GitHub repositories/Social Engineering.
- **Details:** Following Anthropic's accidental leak of Claude Code via an npm package source map, threat actors (e.g., user "idbzoomh") created fake repositories advertised as "unlocked" versions of the leaked code.
### Lateral Movement
- **Details:** Not explicitly detailed in the report; however, the deployment of **GhostSocks**, a network traffic proxying tool, suggests the intent to use the infected host as a relay for further network activities.
### Data Exfiltration/Impact
- **Details:** Deployment of **Vidar Infostealer**, which targets browser credentials, cookies, crypto wallets, and system information.
### Detection & Response
- **How it was discovered:** Security researchers at Zscaler identified the malicious repositories appearing in top Google search results.
- **Response actions taken:** Public disclosure by Zscaler and reporting of the malicious accounts/repositories to GitHub for takedown.
## Attack Methodology
- **Initial Access:** SEO Poisoning and Social Engineering (hosting fake "enterprise" versions of leaked software on GitHub).
- **Persistence:** Not specified, but typical for Vidar via registry keys or startup folder tasks.
- **Defense Evasion:** Use of a Rust-based dropper (`ClaudeCode_x64.exe`) to potentially bypass signature-based detection; archive files (7-Zip) to mask payloads.
- **Credential Access:** Vidar malware extracts saved passwords and session tokens from web browsers.
- **Collection:** Automated gathering of system metadata, cryptocurrency wallet data, and sensitive files.
- **Exfiltration:** Data sent to attacker-controlled C2 infrastructure (standard Vidar behavior).
- **Impact:** Theft of intellectual property, credentials, and potential use of the host as a proxy.
## Impact Assessment
- **Financial:** Potential for unauthorized access to financial accounts and cryptocurrency wallets.
- **Data Breach:** High risk; loss of personal developer credentials and sensitive system environment variables.
- **Operational:** Compromised developer workstations can lead to supply chain risks for the organizations they work for.
- **Reputational:** Exploitation of a high-profile AI brand (Anthropic/Claude) to lure victims.
## Indicators of Compromise
- **Network indicators:**
- [h]xxps[:]//github[.]com/idbzoomh (Malicious Repository)
- **File indicators:**
- `ClaudeCode_x64.exe` (Rust-based dropper)
- `Claude_Code_Leak.7z` (Malicious archive)
- **Behavioral indicators:**
- Deployment of `GhostSocks` proxy tool.
- Unexpected outbound connections to known Vidar C2 infrastructures.
## Response Actions
- **Containment:** Reporting and removal of malicious GitHub repositories.
- **Eradication:** Users who downloaded the fake leak must perform a full system wipe or deep malware scan and rotate all credentials stored on the device.
- **Recovery:** Restoration of clean environments for affected developers; auditing of any GitHub/NPM tokens stored on compromised machines.
## Lessons Learned
- **Key takeaways:** High-profile leaks are immediately followed by "second-stage" social engineering attacks targeting those interested in the leak.
- **What could have been done better:** Anthropic's initial CI/CD oversight (including a 60MB source map in a production npm package) was the root cause that provided the "bait" for this campaign.
## Recommendations
- **Strict CI/CD Monitoring:** Ensure build pipelines strip source maps and internal documentation before publishing to public registries like npm.
- **Verify Sources:** Developers should only download tools from official organization repositories (e.g., Anthropic’s verified GitHub) rather than third-party mirrors.
- **Threat Hunting:** Security teams should monitor for the execution of unrecognized Rust-based binaries in developer environments.
- **Endpoint Protection:** Use EDR solutions capable of detecting the behavioral patterns of commodity stealer families like Vidar.