The leak of Anthropic’s Claude Code source materials has quickly turned into a broader cybersecurity threat, after attackers began using fake GitHub repositories to spread Vidar malware. The campaign targets developers who search for a free way to access supposed enterprise features, then lures them into downloading a malicious file disguised as a legitimate Claude Code package.
The timing matters because the original exposure was large and highly visible. A technical mistake on March 31, 2026 reportedly exposed 513,000 lines of TypeScript code through a published npm package, and that material spread fast across forks and mirrors on GitHub.
How the Claude Code leak started
Anthropic’s error centered on a 59.8 MB JavaScript source map file, which made the client-side source code straightforward to recover. That file revealed thousands of lines of unprotected TypeScript code, including internal logic related to orchestration and security behavior in Claude Code.
Once the code appeared online, users began cloning and reposting it. That created a fertile environment for threat actors, because any widely discussed leak can attract people who want to inspect it, test it, or download it without verifying the source.
Why GitHub became the attack channel
Researchers at Zscaler found that attackers did not simply upload random malware and wait for victims. They built a search-friendly lure using fake GitHub accounts, including one named “idbzoomh,” and optimized the phrase “leaked Claude Code” to rank in search results.
This is a classic social engineering tactic, but it is becoming more effective as users increasingly rely on search engines to find software and code samples. When a search result looks technical, public, and active, many developers assume it is safe enough to inspect.
What happened when victims downloaded the file
The fake repository offered a 7-Zip archive that contained a malicious executable called ClaudeCode_x64.exe. Once opened, the file launched a Rust-based dropper that installed Vidar malware on the system.
The same chain also deployed GhostSocks, which helps route illegal network traffic through proxy infrastructure. That extra component makes detection harder and gives attackers more flexibility in hiding their activity after the initial infection.
Why Vidar is especially dangerous
Vidar belongs to the infostealer category, which means it is designed to steal sensitive information quickly and quietly. The malware can extract usernames and passwords saved in popular browsers, including Chrome, Edge, and Firefox.
It can also copy payment data stored in autofill fields. More alarmingly, Vidar can steal active session cookies, which allows attackers to enter accounts without retyping credentials or passing a one-time 2FA challenge.
What attackers can do with stolen cookies
Session cookies can be more valuable than passwords because they may represent an already authenticated session. If a criminal obtains them before they expire, the attacker can often impersonate the victim inside services such as Gmail, Slack, or online banking.
That technique matters because many users still rely on 2FA as their main protection. Cookie theft can weaken that defense by bypassing the login step entirely, especially when the stolen session remains valid on the target service.
The risk for developers and companies
The incident shows how a software leak can become a delivery mechanism for malware in a matter of hours. Developers are often early adopters, heavy search users, and frequent archive downloaders, which makes them attractive targets for attackers who want access to corporate systems.
This is also a reminder that compromised developer machines can have outsized consequences. A single infected laptop can expose source code, cloud credentials, internal chat systems, browser sessions, and access tokens used across multiple services.
Key warning signs seen in this campaign
- A fake GitHub repository offering “leaked” or “unofficial” code.
- Search-engine bait using keywords tied to a popular product or tool.
- A compressed archive that hides an executable file.
- A Rust-based dropper that installs a second-stage payload.
- Extra proxy tools such as GhostSocks to conceal traffic.
What defenders should do now
Security teams should treat any unofficial Claude Code download as suspicious, especially if it comes from a third-party repository or a mirror site. They should also block or flag archives that contain unexpected executables, since that is a common delivery method for infostealers.
For developers, the safest approach is simple: use only official vendor sources, and verify package integrity before running anything. If a file appears in search results with a “leak” label or a promise of free enterprise access, it should be treated as a likely trap rather than a shortcut.
Practical steps to reduce exposure
- Download only from official repositories or vendor-controlled channels.
- Check file names, hashes, and package signatures before execution.
- Avoid opening archives that contain unexpected .exe files.
- Keep browsers and endpoints patched to limit credential theft risks.
- Review active sessions and revoke logins if suspicious activity appears.
- Use hardware security keys where possible to reduce session abuse.
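The two checks above that can be automated, flagging archives that hide an executable and verifying a download against a vendor-published hash, are shown in the following added example. It is not code from the article, Zscaler, or Anthropic; it uses a zip archive constructed in memory so it runs without extra libraries (the campaign used 7-Zip, but the same member-by-member content check applies once any archive is listed), and it judges executables by the PE header rather than trusting the file extension.

```python
import hashlib
import io
import zipfile

# Extensions commonly used for Windows executables (assumed starting list, extend per policy).
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".pif", ".msi", ".bat", ".cmd", ".ps1")


def is_pe_image(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def flag_archive(archive_bytes: bytes) -> list:
    """Return (member name, reason) for every member that looks like an executable.

    Content is checked first so a renamed PE file (e.g. notes.txt) is still caught."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(0x400)  # header bytes are enough for the PE check
            if is_pe_image(head):
                findings.append((info.filename, "pe-header"))
            elif info.filename.lower().endswith(EXEC_EXTENSIONS):
                findings.append((info.filename, "extension"))
    return findings


def sha256_matches(data: bytes, expected_hex: str) -> bool:
    """Compare a download against the hash the vendor publishes for that release."""
    return hashlib.sha256(data).hexdigest() == expected_hex.strip().lower()


def build_sample_archive() -> bytes:
    """Constructed sample (not a real campaign artifact): a README, a fake PE named like
    the lure, and the same fake PE hidden behind a harmless-looking .txt name."""
    fake_pe = bytearray(b"MZ" + b"\x00" * 0x3A)        # DOS header up to e_lfanew
    fake_pe += (0x40).to_bytes(4, "little")            # e_lfanew -> PE signature at 0x40
    fake_pe += b"PE\x00\x00" + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.md", "# Claude Code (unofficial)\n")
        zf.writestr("ClaudeCode_x64.exe", bytes(fake_pe))
        zf.writestr("docs/notes.txt", bytes(fake_pe))  # disguised: PE content, benign extension
    return buf.getvalue()
```

In a mail or download gateway the same `flag_archive` result would drive a quarantine decision, and `sha256_matches` would be fed the hash from the vendor's release page rather than from the same repository that served the file.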
Anthropic is now working to reduce the impact of the leak, but the more immediate danger comes from the way criminals recycle public attention into malware distribution. As Zscaler’s findings show, a code leak is no longer just an intellectual property problem; it can quickly become a live infection campaign aimed at anyone who clicks the wrong GitHub result.
