Claude Code Source Malware Scam Hits GitHub

Tens of thousands bit on fake Claude Code source code. What they got? Vidar malware snarfing credentials—and a proxy botnet zombie.

[Image: GitHub repository page showing fake Claude Code source with malware warning overlay]

Key Takeaways

  • Malicious GitHub repos disguised as Claude Code leaks deliver Vidar stealer and GhostSocks proxy.
  • Criminals exploit AI hype and SEO to rank fake repos high, fooling thousands of downloads.
  • Rapid threat evolution targets buzzy leaks—scan everything, chase legit sources only.

Claude Code bait snaps shut.

Hungry for Anthropic’s leaked Claude Code source? That GitHub repo topping Google searches wasn’t handing out free enterprise unlocks. No, it was slinging Vidar stealer and GhostSocks proxy—nasty combo turning devs’ machines into credential piñatas and criminal VPNs.

Zscaler’s ThreatLabz spotted it first, buried in the rush over Anthropic’s oopsie: a .map file in their npm package spilling TypeScript guts. Picture this—eager coders, buzzing from the leak news, punch “leaked Claude Code” into search. Boom, idbzoomh’s trojan repo ranks high, README spinning yarns about rebuilt forks with no limits, enterprise perks activated.

And it worked. 793 forks, 564 stars on one clone alone. Downloads? Tens of thousands, per Zscaler. That .7z archive named “Claude Code - Leaked Source Code”? Pure poison. Unzip, run ClaudeCode_x64.exe—a Rust dropper—and Vidar v18.7 unfurls, hoovering browser creds, cards, history. GhostSocks? It hijacks your rig for traffic proxying, masking crooks’ tracks.

“The README file even claims the code was exposed through a .map file in the npm package and then rebuilt into a working fork with ‘unlocked’ enterprise features and no message limits,” the security sleuths said in a Thursday blog.

Here’s the thing. This isn’t a sloppy phishing email. It’s surgical—weaponizing GitHub’s trust, SEO juice, and AI hype. Criminals pounce in hours, not days. Remember OpenClaw last March? Huntress flagged the same Vidar-GhostSocks duo, luring with that sketchy AI agent platform. The pattern’s clear: buzzy AI drop + leak drama = instant scam vector.

How Does This GitHub Trap Actually Spring?

Step one: Leak hits—Anthropic’s Claude Code CLI source dribbles out via debug maps. Legit excitement brews; devs salivate for internals, maybe tweaks.

Crims clone the vibe. Repo pops up, SEO-optimized title, fake README echoing real leak details. Releases tab? Malicious .7z. Double-click that exe, and Rust payload extracts to %AppData%. Vidar phones home via HTTP/HTTPS, exfils data. GhostSocks lurks, waiting for C2 commands to route shady traffic.

Why Rust? Obfuscation gold—cross-platform, memory-safe(ish), compiles to tiny bins. Zscaler’s IOCs nail it: SHA256 hashes for the dropper, C2 domains like vidar[.]top. Defenders, hunt those.
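To make the "hunt those" advice concrete, here is an added defender-side example (not code from Zscaler, Anthropic or the article) that refangs indicators of the kind the blog publishes, checks a release archive's SHA256 against a dropper-hash list, verifies the repo owner, and flags a C2 beacon or the dropper launching from %AppData% in log lines. The domain vidar[.]top is the one named above; the SHA256 value, the trusted-owner name and the log lines are constructed placeholders.

```python
import hashlib
import re
from pathlib import Path
from typing import Optional

# Constructed IOC set in the shape Zscaler publishes: defanged C2 domains and the
# SHA256 of the Rust dropper. The hash is a PLACEHOLDER, not the real indicator;
# take the real values from the ThreatLabz blog.
IOC_DOMAINS_DEFANGED = ["vidar[.]top"]
IOC_SHA256 = {"0" * 64: "ClaudeCode_x64.exe dropper (placeholder hash)"}
TRUSTED_OWNERS = {"anthropics"}  # assumed vendor org; adjust to your allowlist

# Constructed sample telemetry (proxy + process-creation lines), not real logs.
SAMPLE_LOGS = [
    "12:00:01 proxy GET http://vidar.top/api/upload 200 4311 bytes",
    "12:00:02 proxy GET https://registry.npmjs.org/@anthropic-ai/claude-code 200",
    r"12:00:03 sysmon ProcessCreate Image=C:\Users\dev\AppData\Roaming\x\ClaudeCode_x64.exe",
    r"12:00:04 sysmon ProcessCreate Image=C:\Program Files\Git\bin\git.exe",
]

def refang(ioc: str) -> str:
    """vidar[.]top -> vidar.top so a published indicator matches live traffic."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")

def trusted_repo(url: str) -> bool:
    """A 'leaked source' release is only plausible from the vendor's own org."""
    m = re.match(r"https?://github\.com/([^/]+)/[^/]+", url)
    return bool(m) and m.group(1).lower() in TRUSTED_OWNERS

def archive_matches_ioc(path: Path) -> Optional[str]:
    """Stream-hash a downloaded archive/exe and look it up in the IOC list."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return IOC_SHA256.get(h.hexdigest())

def hunt(lines):
    """Flag C2 beacons and the dropper executing from %AppData% in log lines."""
    c2 = {refang(d) for d in IOC_DOMAINS_DEFANGED}
    host_re = re.compile(r"https?://([a-z0-9.-]+)", re.I)
    drop_re = re.compile(r"\\AppData\\.*\\ClaudeCode_x64\.exe", re.I)
    hits = []
    for line in lines:
        for host in host_re.findall(line):
            if host.lower() in c2:
                hits.append(("c2_beacon", host.lower(), line))
        if drop_re.search(line):
            hits.append(("dropper_exec", "ClaudeCode_x64.exe", line))
    return hits
```

Run `hunt(SAMPLE_LOGS)` to see the beacon and the dropper launch flagged while the legitimate npm fetch and git.exe lines pass.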

But dig deeper and there’s an architectural shift here. GitHub’s stars/forks signal “legit.” Bad actors game it, forking real repos, injecting malice. It’s social engineering baked into dev workflows. npm’s .map exposure? Common in prod builds—Anthropic just got unlucky. Or careless.

One clone lingered with hundreds of stars. Google had demoted the top hit by publication time, but stragglers persist. Platforms play whack-a-mole; crooks multiply repos.

Why Are Devs Falling for Claude Code Fakes?

AI gold rush mentality. Claude Code’s no toy—CLI for agentic coding, hoovers system intel (files, env vars). Leak promised peeks at that plumbing. Who wouldn’t peek?

Plus, FOMO. Stars climb fast, social proof kicks in. “564 others trusted this? Must be gold.”

Look, it’s the 90s warez scene reborn—cracked Photoshop zips bundled with BackOrifice. Back then, BBS downloads craved speed, skipped scans. Today? GitHub velocity trumps verification. My take: Anthropic’s PR spin calls it a “minor” map leak, but it spotlights how AI firms leak like sieves—recall Claude’s training data scrapes? This fuels the cycle, handing ammo to malware mills.

Bold prediction: Expect Claude 3.5 Sonnet leaks next, trojanized in 24 hours. Hype scales threats exponentially.

Vidar and GhostSocks: The Dynamic Duo Dissected

Vidar’s old-school nasty, evolved. Steals from Chrome, Firefox, Edge—cookies, autofill, crypto wallets. March 2024 campaigns hit 500k machines, per reports. Modular, rents cheap on underground markets.

GhostSocks? Proxy kingpin. SOCKS5 tunneling via victims’ IPs—perfect for DDoS, scraping bans, laundering attacks. Your dev box? Now a cog in crime’s wheel.

Zscaler flags rapid iteration: OpenClaw scam mirrored this exactly. “That kind of rapid movement increases the chance of opportunistic compromise, especially through trojanized repositories,” they note. Spot on—AI news cycles are crack to opportunists.

Architecturally, GitHub’s the weak link. No repo-scan mandates pre-release. Stars aren’t vetted. Solution? Client-side scanning in IDEs, like GitHub Copilot’s vuln checks—but it’s ironic: AI scanning AI bait.

Anthropic patched the npm package, but damage lingers. Their leak revealed Claude Code’s prying eyes—system probes that’d make privacy hawks squirm. PR downplays; reality bites.

One-sentence warning: Verify hashes, scan zips, treat stars with skepticism.

This scam’s a canary in the coal mine. As AI tools leak source routinely (open weights incoming), malware evolves in lockstep. Devs, wake up—your next “unlock” might unlock hell.

Frequently Asked Questions

What is Vidar malware and what does it steal?

Vidar’s an infostealer grabbing browser credentials, credit cards, crypto wallets, and history from major browsers.

How to spot fake Claude Code source downloads?

Check the repo owner (if it isn’t Anthropic, walk away), scan archives with VirusTotal, and verify hashes against Zscaler’s blog—no number of stars guarantees safety.

Did Anthropic’s leak cause this malware wave?

It lit the fuse; their .map file exposure created the lure, but GitHub scams prey on any hype.

Written by Aisha Patel

Former ML engineer turned writer. Covers computer vision and robotics with a practitioner perspective.
Originally reported by The Register - DevOps