Claude Code Leak Exploited to Deploy Infostealer Malware on GitHub

Recent security incidents have highlighted the risks posed by the Claude Code leak, as malicious actors exploit this situation to deploy Vidar infostealer malware. Claude Code, developed by Anthropic, is a terminal-based AI agent designed for coding tasks and system interactions. However, on March 31, Anthropic inadvertently exposed its complete client-side source code, resulting in significant security concerns.

Details of the Claude Code Leak

The leak occurred when a 59.8 MB JavaScript source map was mistakenly included in an npm package. This exposure revealed 513,000 lines of unobfuscated TypeScript across 1,906 files. The leaked code encompassed the agent’s orchestration logic, permissions, execution systems, hidden features, build details, and important security components.
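The leak described above came down to a build artifact, a JavaScript source map, being shipped inside a published npm tarball. A source map that carries a `sourcesContent` array embeds the complete original source (here, unobfuscated TypeScript), which is why a single `.map` file can expose an entire code base. The following audit script is an added example, not code from the article, from Anthropic or from Zscaler: it opens an npm-style `.tgz`, lists every `.map` member, reports whether each one embeds original sources, and flags `.js` files that point at a map via a `sourceMappingURL` comment. The sample tarball it builds is constructed in memory for illustration and has nothing to do with the real leaked package.

```python
"""Audit an npm package tarball for source maps that would ship original source.

Added example (not the article's or any vendor's code). The sample package built by
build_sample_tarball() is constructed here purely for illustration.
"""
import io
import json
import re
import tarfile

# Matches the trailer bundlers append to generated JS to point at its source map.
SOURCE_MAP_REF = re.compile(r"//# sourceMappingURL=(\S+)")


def audit_tarball(tgz_bytes):
    """Return one finding per .map member: path, size, whether it embeds sources, source count."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not member.name.endswith(".map"):
                continue
            raw = tar.extractfile(member).read()
            try:
                data = json.loads(raw)
                # sourcesContent holds the full text of every original file, so its
                # presence means the map reconstructs the pre-build source verbatim.
                embeds = bool(data.get("sourcesContent"))
                source_count = len(data.get("sources", []))
            except ValueError:
                # Not valid JSON: still worth reporting, but we cannot inspect it further.
                embeds, source_count = False, 0
            findings.append(
                {
                    "path": member.name,
                    "size": member.size,
                    "embeds_sources": embeds,
                    "source_count": source_count,
                }
            )
    return findings


def find_map_references(tgz_bytes):
    """Return (js path, referenced map) pairs for .js members carrying a sourceMappingURL."""
    refs = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not member.name.endswith(".js"):
                continue
            text = tar.extractfile(member).read().decode("utf-8", errors="replace")
            match = SOURCE_MAP_REF.search(text)
            if match:
                refs.append((member.name, match.group(1)))
    return refs


def build_sample_tarball():
    """Construct a tiny npm-style tarball resembling a mis-published package (sample data)."""
    files = {
        "package/package.json": json.dumps(
            {"name": "example-cli", "version": "1.0.0", "bin": {"example": "cli.js"}}
        ),
        "package/cli.js": "console.log('hi');\n//# sourceMappingURL=cli.js.map\n",
        "package/cli.js.map": json.dumps(
            {
                "version": 3,
                "file": "cli.js",
                "sources": ["../src/cli.ts", "../src/permissions.ts"],
                "sourcesContent": [
                    "export function main(): void { console.log('hi'); }\n",
                    "export const ALLOW = ['read'];\n",
                ],
                "mappings": "AAAA",
            }
        ),
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode("utf-8")
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


SAMPLE_TGZ = build_sample_tarball()


if __name__ == "__main__":
    for finding in audit_tarball(SAMPLE_TGZ):
        print(finding)
    for js_path, map_name in find_map_references(SAMPLE_TGZ):
        print(f"{js_path} references {map_name}")
```

In a release pipeline this check runs against the output of `npm pack` before `npm publish`; any `.map` finding with `embeds_sources` true, or any `.js` file that references a map, is a reason to fail the build and tighten the package's `files` allow-list or `.npmignore`.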

How Threat Actors Exploit the Leak

Following the leak, the code was quickly downloaded and forked thousands of times on GitHub. According to a report by cloud security company Zscaler, threat actors seized this opportunity and deployed the Vidar infostealer through malicious repositories masquerading as legitimate copies of the leak.

  • The first malicious repository was created by a user named “idbzoomh.”
  • This repository falsely claimed to offer “unlocked enterprise features” and no usage restrictions.
  • To attract traffic, the repository was optimized for search engines, appearing at the top of Google Search results for queries like “leaked Claude Code.”

Malware Distribution Method

Curious users are lured into downloading a 7-Zip archive that contains a Rust-based executable named ClaudeCode_x64.exe. When this executable is launched, it deploys the Vidar infostealer along with the GhostSocks network traffic proxying tool. The malicious archive is regularly updated, indicating that other payloads may be included in future versions.

Additionally, researchers identified a second GitHub repository with similar malicious content. This repository includes a non-functional ‘Download ZIP’ button, likely maintained by the same threat actor experimenting with different delivery methods.

The Broader Context of GitHub Malware Distribution

Despite GitHub’s security measures, the platform has previously been used to distribute malicious payloads. In campaigns from late 2025, threat actors targeted inexperienced users with repositories that claimed to provide proof-of-concept exploits for new vulnerabilities. Historically, attackers have exploited high-profile events for opportunistic compromises.

This incident serves as a reminder of the importance of vigilance against malware threats, particularly in situations involving recently exposed software vulnerabilities.