According to The Register, a malicious GitHub repository is exploiting the recent leak of Anthropic’s Claude Code source code to distribute malware. Tens of thousands of users have downloaded the compromised code, unaware that some versions contain credential-stealing software.

Researchers at Zscaler’s ThreatLabz discovered a GitHub repository disguised as the leaked TypeScript source code for Anthropic’s Claude Code CLI. The repository’s README falsely claims to offer unlocked enterprise features. The malicious download, packaged as a .7z archive, includes a Rust-based dropper named ClaudeCode_x64.exe.

Upon execution, this dropper installs Vidar, an infostealer that harvests account credentials, credit card data, and browser history, along with GhostSocks, which creates a proxy network for masking malicious activity. This campaign mirrors a similar one observed in March involving fake OpenClaw installers.

Source: The Register