BotBeat
...
← Back

> ▌

AnthropicAnthropic
POLICY & REGULATIONAnthropic2026-04-05

Anthropic's Claude Code Leak Weaponized by Hackers to Distribute Vidar and GhostSocks Malware

Key Takeaways

  • ▸Anthropic's Claude Code source code was accidentally exposed in a public npm package, containing over 500,000 lines of sensitive TypeScript code
  • ▸Attackers created malicious repositories impersonating the leaked code to distribute Vidar information stealer and GhostSocks malware to developer workstations
  • ▸The leaked internal mechanisms and shell execution capabilities enable threat actors to craft precise exploits that could enable silent device takeovers
Source:
Hacker Newshttps://cybersecuritynews.com/claude-code-leak-to-spread-vidar-and-ghostsocks-malware/↗

Summary

Anthropic suffered a significant security incident on March 31, 2026, when a packaging error in a public npm package inadvertently exposed the complete source code for Claude Code, the company's flagship terminal-based coding assistant. The leak contained over 500,000 lines of unobfuscated TypeScript code, which was quickly mirrored across GitHub and forked tens of thousands of times after public disclosure by security researcher Chaofan Shou.

Cybercriminals have rapidly weaponized the leak to launch supply chain attacks targeting developers. Zscaler ThreatLabz researchers discovered malicious GitHub repositories impersonating the legitimate leaked code, with one repository by threat actor idbzoomh ranking near the top of search results. These fake repositories distribute a Rust-based dropper that deploys Vidar information stealer and GhostSocks network proxy malware to compromise developer workstations.

The exposure is particularly dangerous because the leaked codebase reveals sensitive internal mechanisms including shell execution capabilities, permission layers, and hidden feature flags that attackers can exploit to craft precise exploits. Threat actors can potentially trigger silent device takeovers or credential theft by tricking developers into cloning untrusted repositories or opening specially crafted project files. Security teams are urging developers to avoid downloading code from unofficial sources and implement Zero Trust architecture with network segmentation to limit potential damage.

  • Organizations should implement Zero Trust architecture, avoid unofficial code sources, and monitor for anomalous network connections and unexpected npm packages
CybersecurityAI Safety & AlignmentPrivacy & Data

More from Anthropic

AnthropicAnthropic
POLICY & REGULATION

100+ Authors Sue Anthropic for $75M Over Pirated Books Used to Train Claude

2026-07-05
AnthropicAnthropic
OPEN SOURCE

Claude Fable Helps Finalize sqlite-utils 4.0 Release, Uncovering Critical Data-Loss Bugs for $149

2026-07-05
AnthropicAnthropic
PRODUCT LAUNCH

Local MCP: Free macOS Tool Gives Claude, ChatGPT Direct Access to Local Files and Apps

2026-07-05

Comments

Suggested

Unknown LLM ProviderUnknown LLM Provider
RESEARCH

First Documented AI Agent-Led Ransomware Attack Demonstrates "Agentic Threat Actors" Era

2026-07-05
MidjourneyMidjourney
RESEARCH

Midjourney and Other AI Image Generators Perpetuate Global Stereotypes, Analysis Reveals

2026-07-05
ComplianceAgentComplianceAgent
OPEN SOURCE

ComplianceAgent: Open-Source CLI Tool Automates EU AI Act Compliance Scanning

2026-07-05
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us