Recently, Claude Code, the AI terminal tool developed by Anthropic, has run into a serious secondary security crisis. After a human error accidentally exposed about 513,000 lines of front-end source code, hacker groups quickly followed up and set up a large number of phishing traps.

These hackers have set up multiple fake code repositories in technical communities such as GitHub, attempting to exploit developers' curiosity about the leaked source code. Security agencies have observed that a user named idbzoomh is among the active figures, luring downloads by offering so-called "unlocked" source code.

The Trojan Behind the Fake Repositories

These trap repositories often claim to offer "unlocked enterprise-level features" or "complete leaked versions." Once developers fall for the deception and run the programs inside, Vidar, a piece of information-stealing malware, is silently installed on the system.

Vidar is a well-established Trojan that is very active on the dark web and specifically targets sensitive data held in browsers. In addition to basic account passwords, it also runs targeted scans for users' cryptocurrency wallets and various private credentials and steals them.

Continuously Evolving Covert Attack Methods

To increase the success rate of the deception, the hackers have even optimized for search engines, so that the fake repositories rank high in searches for related keywords. As a result, ordinary developers can easily click on these carefully disguised malicious links while searching for official documentation or tools.

The attackers have also deployed the GhostSocks proxy tool on the system, turning victims' devices into potential attack platforms. These fake repositories are currently being updated extremely frequently, which indicates that the hackers are continuously testing new distribution strategies.

Experts remind all technical personnel to obtain development tools only through Anthropic's official channels, and to remain highly vigilant against any unofficial "cracked" or "leaked" project, to avoid devastating damage to personal privacy and production environments.