Attackers Exploit Leaked Claude AI Code to Spread Vidar and GhostSocks Malware
Key Takeaways Anthropic’s Claude Code, a terminal-based AI coding assistant, had its complete source code accidentally leaked on March 31, 2026. Threat actors are exploiting the leak by creating...
Key Takeaways
- Anthropic’s Claude Code, a terminal-based AI coding assistant, had its complete source code accidentally leaked on March 31, 2026.
- Threat actors are exploiting the leak by creating malicious GitHub repositories that distribute the Vidar information stealer and GhostSocks proxy malware to unsuspecting developers.
- The exposed internal mechanisms of Claude Code could enable sophisticated supply chain attacks and silent device takeovers.
- Organizations must implement immediate defensive measures, including developer education and enhanced security protocols, to mitigate risks.
A significant security incident has emerged following the accidental exposure of Anthropic’s flagship terminal-based coding assistant, Claude Code. On March 31, 2026, the artificial intelligence company inadvertently made the complete source code for its AI assistant publicly accessible, triggering a wave of concern across the cybersecurity landscape.
Table Of Content
The leak stemmed from a packaging error within a public npm package. This misstep led to the inclusion of a JavaScript source map file, which contained over half a million lines of un-obfuscated TypeScript code. While the exposed data did not encompass sensitive elements like model weights or user information, it did reveal intricate internal operational mechanisms of the AI system.
The incident quickly escalated after security researcher Chaofan Shou publicly announced the breach on social media. The proprietary codebase was subsequently mirrored across numerous GitHub repositories and forked tens of thousands of times, making it widely available to the public and, critically, to malicious actors.
The widespread accessibility of this internal code has created a substantial new avenue for supply chain attacks. Cybercriminals have swiftly moved to weaponize the incident, establishing malicious forks of the repository designed to compromise the workstations of developers seeking access to the leaked information.
Researchers at Zscaler ThreatLabz recently uncovered a highly sophisticated campaign actively exploiting this leak. The campaign employs social engineering tactics, luring developers under the guise of providing access to the leaked Claude Code source.
Delivering Vidar and GhostSocks Malware
In this newly identified threat campaign, attackers have established deceptive GitHub repositories that meticulously mimic the authentic leaked Claude Code repository. One such malicious page, attributed to a threat actor operating under the alias “idbzoomh,” has achieved high visibility in search engine results, making it easily discoverable by developers looking for the leaked files.
The repository falsely promises an “unlocked” version of the enterprise software, touting features like unlimited usage. However, instead of legitimate code, the provided zip archive contains a Rust-based dropper executable. When executed, this dropper deploys two critical pieces of malware: the Vidar information stealer, designed to exfiltrate sensitive credentials, and GhostSocks, a tool used to proxy network traffic.
The deployment of GhostSocks in this campaign bears a striking resemblance to previous attack patterns, where threat actors distributed network proxies alongside data-stealing malware through fake software installers.
Beyond the immediate threat of social engineering lures, the exposure of Claude Code’s internal components presents severe long-term risks. The leaked files detail complex orchestration processes, permission execution layers, persistent memory systems, and dozens of hidden internal feature flags. Given that the original codebase incorporates advanced capabilities for local shell execution and auto-executing scripts, threat actors who possess the full source code are now in a prime position to craft highly precise exploits. This could potentially enable silent device takeovers or credential theft, triggered simply by tricking a developer into cloning an untrusted repository or opening a specially crafted project file.
What You Should Do
- Educate Developers: Strongly advise all development teams against downloading, building, or running any code purporting to be the leaked Anthropic software from unofficial sources.
- Rely on Official Channels: Emphasize the importance of strictly using official channels and signed binaries for all software and updates to maintain integrity.
- Implement Zero Trust and Segmentation: Deploy a Zero Trust architecture and segment access to critical applications and development environments to limit the potential impact of a compromised workstation.
- Monitor for Anomalies: Continuously monitor for anomalous outbound network connections and regularly scan local environments for unexpected npm packages or other unauthorized software installations.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.