According to a report dated April 2, the fallout from the Claude Code source code leak, caused by human error at Anthropic, is still unfolding. Attackers are now riding the attention around the leak to spread the Vidar information-stealing malware through fake repositories on GitHub.

The Lure: Claims of "Unlocked Enterprise Features"

A monitoring report from security company Zscaler shows that a user named idbzoomh has created multiple fake repositories on GitHub.

  • Targeted phishing: In the repository descriptions, the attacker claims to offer the leaked source code with enterprise features unlocked, luring developers eager to try it into downloading.

  • SEO optimization: To widen the reach, the attacker tuned the repositories for search-engine keywords, so they often appear near the top of results when users search for terms like "Claude Code leak."

Malware Profile: Vidar Infiltration and Data Exfiltration

Once users take the bait and run the executables, their systems are quickly compromised:

  • Information theft: The embedded Vidar is a mature piece of malware circulating on the dark web; it specifically targets browser-saved account passwords, cryptocurrency wallets, and other sensitive personal data.

  • Persistent covert channel: The malware also deploys the GhostSocks proxy tool to establish hidden channels for subsequent remote control and data transfer.

Risk Alert: Beware of "Free Lunches" from Unofficial Channels

Security researchers point out that these fake repositories are updated very frequently, which helps them slip past basic security detection. At least two similar repositories have already been discovered, suggesting they may be tests run by the same attacker with different distribution strategies.
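As an added illustration (not part of the report or of Zscaler's tooling), the following Python script scores repository metadata against the indicators the report describes: leak/crack lure wording in the description, a freshly created repository, a high push rate, and executables offered as release assets. The RepoMeta fields, thresholds, lure phrases and sample records are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical lure phrases modelled on the repository descriptions the report
# describes; extend with whatever wording your own team observes.
LURE_PATTERNS = [r"unlock(s|ed)? enterprise", r"leak(ed)? source", r"cracked"]
EXECUTABLE_EXT = (".exe", ".msi", ".scr", ".bat", ".dll")

@dataclass
class RepoMeta:
    """Subset of GitHub repository metadata used for triage (constructed)."""
    full_name: str
    description: str
    created_at: datetime
    pushes_last_7d: int
    release_assets: list = field(default_factory=list)

def triage(repo: RepoMeta, now: datetime) -> tuple[int, list[str]]:
    """Score a repository against the report's indicators: lure wording aimed
    at 'leak' searches, a very young repository, unusually frequent pushes,
    and executables offered as release assets instead of source."""
    score, reasons = 0, []
    desc = repo.description.lower()
    if any(re.search(p, desc) for p in LURE_PATTERNS):
        score += 3
        reasons.append("description uses leak/crack lure wording")
    if now - repo.created_at < timedelta(days=14):
        score += 2
        reasons.append("repository created less than 14 days ago")
    if repo.pushes_last_7d > 20:
        score += 2
        reasons.append("high push frequency (content churn defeats one-off scans)")
    bins = [a for a in repo.release_assets if a.lower().endswith(EXECUTABLE_EXT)]
    if bins:
        score += 3
        reasons.append("executable release assets: " + ", ".join(bins))
    return score, reasons

def is_suspicious(repo: RepoMeta, now: datetime) -> bool:
    """Threshold chosen so lure wording plus a binary alone is enough to flag."""
    return triage(repo, now)[0] >= 5

# Constructed sample records; the names are placeholders, not real repositories.
NOW = datetime(2026, 4, 3, tzinfo=timezone.utc)
LURE_REPO = RepoMeta("example-user/claude-code-leak", "Leaked source, unlocks enterprise features!",
                     datetime(2026, 4, 1, tzinfo=timezone.utc), 35, ["ClaudeCode_Enterprise.exe"])
BENIGN_REPO = RepoMeta("example-org/log-parser", "Small log parsing library",
                       datetime(2021, 6, 1, tzinfo=timezone.utc), 2, ["log-parser-1.2.tar.gz"])
```

In practice the RepoMeta values would be filled from the GitHub API's repository and releases endpoints; the score is a triage aid for a security team, not a verdict.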

Industry Observation: The "Chain of Security" in the AI Era

From Anthropic's source code packaging mistake to attackers exploiting the hot topic for phishing, this incident reflects how complex security risks have become in the AI era. When the developer community itself becomes a target, basic digital hygiene, namely refusing to run binaries from unknown sources, remains the last line of defense.

Editor's reminder to all developers: obtain the tools only through Anthropic's official channels, and never let curiosity or the pursuit of "cracked features" lead you into traps carefully laid by attackers.