Recently, a minor oversight by Anthropic, the creator of the popular Claude AI, led to the accidental exposure of the source code for Claude Code, their terminal-based coding assistant. This happened during a new software release. While the leak itself was a “mishap” and not a hack, the aftermath has proven far more dangerous for the public.
According to reports, cybercriminals are now using the buzz surrounding the leak to distribute a powerful cocktail of malware. More specifically, they’re setting up fake GitHub repositories that claim to host “unlocked” or “enterprise” versions of the leaked code. This way, hackers are luring curious developers into their trap.
Hackers are capitalizing on Anthropic’s Claude code leak by pushing malware
It’s not just the promise of free software that makes this campaign so effective; it’s also how it’s being delivered. One specific actor, who went by the name “dbzoomh,” was able to optimize their malicious repository so well that it showed up on the first page of Google results for searches like “leaked Claude Code.”
Users who fall for the trick download a 7-Zip archive containing a file named ClaudeCode_x64.exe. Instead of a revolutionary AI tool, the executable deploys two distinct threats: Vidar and GhostSocks.
Vidar is a well-known “infostealer” designed to vacuum up passwords, browser cookies, and even cryptocurrency wallet data. On the other hand, GhostSocks acts as a proxy tool, effectively turning the victim’s computer into a relay for other malicious traffic, often sold to other criminals on the dark web.
A pattern of vulnerability
This incident follows a string of security headaches for Anthropic. Just days before this fake leak campaign began, researchers at Koi Security discovered “ShadowPrompt.” This flaw in Claude’s Chrome extension could allow data theft through zero-click attacks. Another group, Oasis, recently disclosed a chain of vulnerabilities they dubbed “Cloudy Day.”
It’s noteworthy that Anthropic has been quick to patch these official flaws. However, they have no control over the “fake” versions circulating on platforms like GitHub. The company’s rapid growth has even forced them to throttle usage during peak hours to keep up with demand. Of course, hackers are clearly happy to exploit this big surge.
To stay safe, the developer community should stick to official channels only. The promise of “unlocked features” or “no usage limits” on a leaked product is almost always a red flag. As the popularity of tools like Claude continues to skyrocket, so will the creativity of those looking to hijack that success. In this case, curiosity didn’t just kill the cat—it stole its passwords.
