PROBABLYPWNED
Malware | April 4, 2026 | 3 min read

Fake Claude Code Repos Push Vidar Infostealer on GitHub

Threat actors weaponized Anthropic's accidental source code leak to distribute Vidar malware through trojanized GitHub repos. Here's how the attack works.

James Rivera

Within 48 hours of Anthropic accidentally leaking Claude Code's source code, threat actors were already using fake GitHub repositories to push Vidar infostealer malware. The campaign's repositories rank high in Google Search results, meaning developers searching for the leaked code are landing on malicious repos first.

On March 31, Anthropic published an npm package that inadvertently included a 59.8 MB JavaScript source map containing the full client-side codebase: 513,000 lines of unobfuscated TypeScript across 1,906 files. The leak exposed orchestration logic, permissions systems, and security internals.

How the Attack Works

Zscaler researchers identified a malicious GitHub repository published by user "idbzoomh" that advertises the leak as having "unlocked enterprise features" and no usage restrictions. The bait is effective—developers curious about Claude Code's internals or looking to bypass licensing restrictions are natural targets.

Users who download the repository receive a 7-Zip archive containing ClaudeCode_x64.exe. This Rust-based dropper deploys two payloads:

  • Vidar: A commodity infostealer that harvests browser credentials, cookies, credit card data, and cryptocurrency wallet files
  • GhostSocks: A network traffic proxying tool that routes attacker traffic through the victim's machine

The same threat actors have been running similar campaigns since February 2026, rotating through more than 25 different software brands as lures. Claude Code is just the latest hook.

Supply Chain Trust Exploitation

This attack pattern exploits the implicit trust developers place in source code. When a leak appears legitimate—especially from a major vendor like Anthropic—the instinct is to grab it before it disappears. That urgency bypasses normal caution.

We've documented similar tactics targeting TikTok and other platforms where threat actors exploit trending topics to distribute malware. The playbook is consistent: find something developers want, create convincing fakes, and SEO-optimize for maximum reach.

The rapid monetization of stolen credentials means compromised developers become enterprise risk vectors within hours. A single infected machine can expose corporate SSO tokens, cloud credentials, and internal system access.

Mitigation Steps

  1. Verify repository authenticity before downloading any "leaked" source code
  2. Treat downloaded executables with extreme suspicion, especially from unofficial repos
  3. Use sandboxed VMs for inspecting suspicious code
  4. Monitor endpoints for Vidar's known behavioral patterns
  5. Block known IOCs associated with this campaign
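As an added example (not code from the article or from the researchers it cites), here is a small Python triage script supporting steps 1 to 3: before anything is run, it walks a cloned "leaked source" repository and flags 7-Zip archives and Windows PE executables by their file signatures, since a genuine TypeScript source dump should contain neither. The repository layout, file names and byte stubs in `build_sample_repo` are constructed for illustration.

```python
from pathlib import Path
from typing import Dict, Optional
import tempfile

# Signatures for the two containers the campaign uses: a 7-Zip archive
# wrapping a Windows PE executable. Bytes, not names, catch renamed binaries.
SEVENZIP_MAGIC = b"\x37\x7a\xbc\xaf\x27\x1c"
PE_MAGIC = b"MZ"
BINARY_EXTENSIONS = {".exe", ".dll", ".scr", ".7z", ".zip", ".rar"}

def classify(path: Path) -> Optional[str]:
    """Label a file by its leading bytes, falling back to its extension."""
    with path.open("rb") as fh:
        head = fh.read(8)
    if head.startswith(SEVENZIP_MAGIC):
        return "7z-archive"
    if head.startswith(PE_MAGIC):
        return "pe-executable"
    if path.suffix.lower() in BINARY_EXTENSIONS:
        return "binary-extension"
    return None

def triage_repo(root: Path) -> Dict[str, str]:
    """Walk a checked-out repo and return {relative path: finding}."""
    findings = {}
    for p in root.rglob("*"):
        if p.is_file() and ".git" not in p.parts:
            label = classify(p)
            if label:
                findings[p.relative_to(root).as_posix()] = label
    return findings

def build_sample_repo(root: Path) -> None:
    """Constructed stand-in for a 'leaked source' repo: real TS plus planted binaries."""
    (root / "src").mkdir(parents=True)
    (root / "release").mkdir()
    (root / "src" / "index.ts").write_text("export const version = '1.0';\n")
    # PE header stub standing in for ClaudeCode_x64.exe (not a real binary)
    (root / "release" / "ClaudeCode_x64.exe").write_bytes(PE_MAGIC + b"\x90" * 62)
    # 7-Zip signature standing in for the archive that carries the dropper
    (root / "release" / "bundle.7z").write_bytes(SEVENZIP_MAGIC + b"\x00" * 26)
    # Executable given a source-file name: extension says .ts, bytes say PE
    (root / "src" / "update.ts").write_bytes(PE_MAGIC + b"\x00" * 30)

def demo() -> Dict[str, str]:
    """Build the sample repo in a temp dir and triage it."""
    root = Path(tempfile.mkdtemp())
    build_sample_repo(root)
    return triage_repo(root)
```

Calling `demo()` returns three findings: the archive, the named executable, and the disguised `src/update.ts`, while the real `index.ts` passes clean.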

For organizations, this is a reminder that developer endpoints are high-value targets. Engineers typically have elevated access to source code, CI/CD systems, and cloud infrastructure. An infostealer on a dev machine can quickly cascade into a much larger incident.

Why This Matters

The speed here is striking. Anthropic's leak was accidental and relatively mundane—an oops in npm packaging. But within two days, adversaries had weaponized it into an active malware distribution campaign with professional SEO to maximize victims.

This is the new reality: any newsworthy event becomes an attack vector almost immediately. Security teams need to assume that trending topics—especially in developer communities—will be exploited, and brief employees accordingly.

If you're curious about Claude Code's internals, get them from Anthropic's official channels. The "unlocked" version on GitHub unlocks access to your credentials for threat actors.
