Full Report
Bill Toulas reports: Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding tasks directly in the terminal and act as an autonomous agent, capable of direct system interaction, LLM API... Source
Analysis Summary
# Incident Report: Exploitation of Claude Code Leak via Vidar Malware
## Executive Summary
Threat actors are currently exploiting a high-profile source code leak of Anthropic’s "Claude Code" tool to distribute Vidar information-stealing malware. By creating fraudulent GitHub repositories that masquerade as the leaked source code, attackers are baiting developers into downloading and executing malicious payloads. The incident highlights a rapid "supply chain" style exploitation where a legitimate developer tool's exposure is immediately weaponized against the developer community.
## Incident Details
- **Discovery Date:** April 4, 2026 (Reported)
- **Incident Date:** March 31, 2026 (Initial Leak) – Ongoing (Malware Campaign)
- **Affected Organization:** Anthropic (Original leak source); Global developers (Malware targets)
- **Sector:** Technology / Artificial Intelligence / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** March 31, 2026
- **Vector:** Accidental exposure via npm package.
- **Details:** Anthropic accidentally included a 59.8 MB JavaScript source map in a published npm package, exposing the full client-side source code of Claude Code.
### Lateral Movement
- **Details:** Following the leak, threat actors shifted to external platforms (GitHub) to host "mirrors" or "forks" of the leaked code, using these as a lure to draw in researchers and developers looking for the exposed intellectual property.
### Data Exfiltration/Impact
- **Details:** The primary impact is dual-pronged: Anthropic suffered intellectual property theft (source code leak), and victims downloading the fake repositories suffer from credential and data theft via Vidar malware.
### Detection & Response
- **How it was discovered:** Security researchers and journalists (Bleeping Computer/Bill Toulas) identified malicious GitHub repositories capitalizing on the trending search for "Claude Code."
- **Response actions taken:** General public warnings issued; identified malicious repositories are subject to platform takedown requests.
## Attack Methodology
- **Initial Access:** Social Engineering/SEO Poisoning. Attackers leverage the high interest in the Claude Code leak to trick users into downloading malicious files from GitHub.
- **Persistence:** Vidar malware typically establishes persistence through registry keys or scheduled tasks (standard for this family).
- **Defense Evasion:** Use of legitimate-looking GitHub repositories and naming conventions to bypass user suspicion.
- **Credential Access:** Vidar specializes in harvesting browser data, cookies, saved passwords, and digital wallets.
- **Discovery:** Standard system profiling by the malware once executed.
- **Collection:** Automated collection of system information and sensitive user files.
- **Exfiltration:** Data is sent via HTTP/HTTPS to attacker-controlled Command and Control (C2) servers.
- **Impact:** Theft of developer credentials, API keys, and sensitive environment variables.
## Impact Assessment
- **Financial:** High potential cost for victims due to stolen financial credentials and crypto-wallets.
- **Data Breach:** Exposure of Anthropic's proprietary source code; potential loss of victim personal identifiable information (PII).
- **Operational:** Disruption to developers whose accounts may be compromised and used for further supply chain attacks.
- **Reputational:** Significant brand damage to Anthropic regarding their secure release processes.
## Indicators of Compromise
- **File indicators:**
- JavaScript source maps (59.8 MB) associated with the original leak.
- Malicious executables bundled within fake "Claude Code" GitHub ZIP downloads.
- **Behavioral indicators:**
- Unexpected outbound traffic to known Vidar C2 infrastructures.
- Unauthorized access attempts to developer accounts (GitHub, AWS, etc.) following the download of the "leaked" code.
## Response Actions
- **Containment measures:** Removal of the compromised npm package version by Anthropic.
- **Eradication steps:** Takedown of fraudulent GitHub repositories hosting malware.
- **Recovery actions:** Impacted developers must rotate all API keys, passwords, and session tokens stored on infected machines.
## Lessons Learned
- **Sensitive Data in Build Pipelines:** This incident underscores the danger of including source maps (.map files) in production npm packages, which can fully reconstruct original source code.
- **Speed of Weaponization:** Threat actors can weaponize a corporate leak within 24–48 hours, creating a secondary "victim pool" among the security community and curious developers.
## Recommendations
- **For Organizations:** Implement CI/CD secrets scanning and automated checks to prevent source maps and sensitive files from being packaged in production releases.
- **For Developers:** Never download leaked source code or tools from unofficial third-party repositories. Treat "leaked" ZIP files on GitHub as high-risk delivery vehicles for malware.
- **Technical Controls:** Use Endpoint Detection and Response (EDR) solutions to identify and block the execution of info-stealers like Vidar.