
Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware

dark6 28 April 2026

Threat actors are exploiting widespread curiosity about a leaked Anthropic source code incident to distribute a dangerous dual-payload malware package combining the Vidar infostealer and GhostSocks proxy malware. The campaign uses fake GitHub repositories impersonating the leaked Claude Code codebase to lure developers and security researchers into downloading and executing a Rust-based dropper that silently installs both threats on the victim’s machine.

The Original Leak and How Attackers Exploited It

On March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code through a 59.8 MB JavaScript source map file bundled in the public npm package @anthropic-ai/claude-code version 2.1.88. The leaked file contained approximately 513,000 lines of unobfuscated TypeScript across 1,906 files, revealing the complete client-side agent harness — an event that generated significant attention across developer communities, security forums, and social media platforms.

Within 24 hours of the leak becoming widely known, threat actors had already stood up malicious GitHub repositories impersonating the leaked codebase. These repositories were designed to look like unofficial mirrors or archives of the exposed source code — exactly the kind of repository that a curious developer or security researcher might seek out.

How the Attack Works

The malicious repositories host an archive in their releases section, typically a .7z named something like Claude Code – Leaked Source Code. The archive does not contain source code that can simply be browsed: once the victim extracts it and runs the executable inside, a Rust-based dropper named ClaudeCode_x64.exe installs two distinct malware payloads:

  • Vidar v18.7 (infostealer): A mature, full-featured credential and data theft tool. Vidar targets over 200 browser extensions, harvests stored cookies, saved passwords, autocomplete data, and session tokens from all major browsers, and exfiltrates cryptocurrency wallet data from extensions including MetaMask, Phantom, and Coinbase Wallet. It also targets password managers such as Bitwarden, LastPass, and KeePass.
  • GhostSocks (proxy malware): A SOCKS5-based proxy agent that enrolls the infected machine as a residential proxy node. Operators sell access to these nodes through proxy-as-a-service platforms, routing malicious traffic — including credential stuffing attacks, fraud operations, and further intrusions — through the victim’s IP address and internet connection.

The Rust dropper is the initial stage: it downloads and installs both payloads silently, establishes persistence, and terminates without leaving obvious artifacts in the user’s Downloads folder or recently-run-programs list.
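A check a practitioner would run on such a release before anyone double-clicks anything: list the archive members and flag executables by header, not just by name. The script below is an added example and is not from the article, from Anthropic, or from any vendor tool. It reads ZIP because the standard library supports it (the lure on this page is a .7z, which would need a third-party reader such as py7zr; the checks are identical). The archive it inspects is constructed inline to mimic the lure: a README, a TypeScript file, a PE named ClaudeCode_x64.exe, a PE renamed to look like an image, and a batch launcher.

```python
"""Triage an archive that claims to hold leaked source code before running anything in it.

Added example (not the article's, Anthropic's or any vendor's code). The sample
archive is constructed here; the member names are assumptions modelled on the lure.
"""
import io
import posixpath
import struct
import zipfile

# Extensions Windows runs on double-click. .js/.ts are deliberately absent: a
# TypeScript code base legitimately contains them, and the point is executables.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".ps1", ".msi", ".vbs", ".lnk", ".hta"}


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_archive(blob: bytes) -> list:
    """Return (member name, reason) for every member a source-code archive should not contain."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            with zf.open(info) as fh:
                head = fh.read(4096)  # the header check only needs the first bytes
            if is_pe(head):
                findings.append((name, "PE executable by header"))
            elif ext in EXEC_EXTENSIONS:
                findings.append((name, f"executable extension {ext}"))
    return findings


def build_fake_pe() -> bytes:
    """Constructed stand-in for the dropper: a valid MZ/PE header skeleton with no code in it."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> PE signature at offset 0x40
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


def build_lure_archive() -> bytes:
    """Constructed sample archive shaped like the fake 'leaked source' release."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("claude-code-leak/README.md", "# Claude Code source (unofficial mirror)\n")
        zf.writestr("claude-code-leak/src/main.ts", "export const main = () => {};\n")
        zf.writestr("claude-code-leak/ClaudeCode_x64.exe", build_fake_pe())
        zf.writestr("claude-code-leak/assets/logo.png", build_fake_pe())  # PE behind an image name
        zf.writestr("claude-code-leak/extract.cmd", "@echo off\r\nstart ClaudeCode_x64.exe\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_archive(build_lure_archive()):
        print(f"DO NOT RUN: {member} ({reason})")
```

The header check matters more than the extension list: a renamed binary still starts with MZ and still has a PE signature, whereas the extension list is only a convenience for launcher scripts. A release claiming to be source code that contains any PE at all is reason enough to stop.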

Part of a Larger Rotating-Lure Campaign

Researchers tracking the infrastructure behind these fake Claude Code repositories have linked the campaign to a broader operation that has been running since at least February 2026. The same threat actors have cycled through more than 25 distinct software brands as lures, rotating to whichever tool is generating news-driven search traffic at any given time. Previous lures have included fake leaked source code for other developer tools, cracked versions of popular IDEs, and pirated AI model weights.

This rotating-lure approach makes the campaign particularly resilient: takedowns of individual repositories are quickly replaced with new ones leveraging the next trending topic, and the core dropper infrastructure remains consistent across lures.

Vidar’s Continued Evolution

Vidar’s appearance in this campaign is consistent with its growing prominence in 2026. Vidar 2.0 was released in October 2025 and is operated under a Malware-as-a-Service (MaaS) model, and the stealer has consistently ranked as the top credential stealer by volume on underground markets this year. The build deployed in this campaign, v18.7, conceals second-stage payloads inside JPEG image files and TXT documents, which makes those stages substantially harder for endpoint security products to detect.
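One common way to hide a payload in a JPEG is to append it after the End-Of-Image marker, which viewers ignore. The article does not say which technique this Vidar build uses, so the check below is an added example that covers only that appended-overlay case; it is not from the article or from any Vidar analysis. It walks the JPEG segment structure instead of searching for the last FF D9, because an appended payload can itself contain FF D9. The JPEG it inspects is a constructed, structurally valid skeleton rather than a real picture.

```python
"""Report data appended after a JPEG's End-Of-Image marker.

Added example (not from the article or any Vidar write-up). The sample JPEG and
overlay are constructed inline; this finds appended overlays only, not payloads
hidden in pixel data or in APP segments.
"""
import struct

EOI, SOS = 0xD9, 0xDA
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0..RST7 carry no length field


def jpeg_overlay(data: bytes):
    """Return (offset just past EOI, bytes after it). Raise ValueError on broken structure."""
    if data[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    in_scan = False
    while pos < len(data):
        if in_scan:
            # Entropy-coded data: 0xFF is always followed by 0x00 (stuffing) or an RSTn
            # marker; the first other marker ends the scan.
            ff = data.find(b"\xFF", pos)
            if ff == -1 or ff + 1 >= len(data):
                raise ValueError("scan data ran off the end without EOI")
            nxt = data[ff + 1]
            if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                pos = ff + 2
                continue
            in_scan = False
            pos = ff
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            end = pos + 2
            return end, data[end:]
        if marker in STANDALONE:
            pos += 2
            continue
        (length,) = struct.unpack_from(">H", data, pos + 2)  # length includes its own 2 bytes
        pos += 2 + length
        if marker == SOS:
            in_scan = True
    raise ValueError("no EOI marker found")


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample(overlay: bytes) -> bytes:
    """Constructed JPEG skeleton (valid markers, not a decodable picture) with an overlay appended."""
    img = b"\xFF\xD8"
    img += _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")  # APP0
    img += _segment(0xC0, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00")           # SOF0, 8x8, 1 component
    img += _segment(0xDA, b"\x01\x01\x00\x00\x3F\x00")                        # SOS
    img += b"\x12\xFF\x00\x34\xFF\xD0\x56"   # scan data with a stuffed FF 00 and an RST0
    img += b"\xFF\xD9"                       # EOI
    return img + overlay


if __name__ == "__main__":
    # Constructed overlay that even contains a decoy FF D9.
    blob = build_sample(b"MZ\x90\x00fake-second-stage\xFF\xD9trailing")
    off, extra = jpeg_overlay(blob)
    print(f"EOI ends at {off}, {len(extra)} bytes appended: {extra[:16]!r}...")
```

Treat an overlay as a lead, not a verdict: some cameras and editors legitimately append trailer data, so the next step is to look at what the appended bytes are (an MZ header or a blob with high entropy is what you would expect from a stealer stage).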

The combination of Vidar and GhostSocks is a particularly efficient monetization strategy for threat actors: Vidar immediately harvests and exfiltrates credentials and cryptocurrency assets, while GhostSocks generates ongoing passive income by routing malicious traffic through the compromised machine — often for weeks or months after the initial infection.

Who Is at Risk

The primary targets of this campaign are developers, DevSecOps engineers, and security researchers who may have sought out the Claude Code source leak out of professional curiosity. Because the repositories are styled to look like legitimate developer resources — complete with README files, directory structures, and GitHub release tags — victims may execute the dropper without suspicion, expecting to browse source code.

Recommendations

  • Do not download unofficial archives or GitHub repositories claiming to contain leaked AI tool source code; the genuine leak was a source map inside an npm package, not a GitHub release.
  • Verify repository legitimacy before executing any binary, particularly Rust-compiled executables distributed through recently created GitHub accounts with no contribution history. Reading source code never requires running an .exe.
  • Ensure endpoint detection covers current Vidar builds, including the JPEG and TXT payload carriers described above, and GhostSocks, and sweep developer workstations that may have run the dropper.
  • Rotate credentials immediately if you believe you may have executed a suspicious binary from a leaked-code repository in recent weeks: browser-saved passwords, session cookies, password-manager vaults and wallet data are all in scope.
  • Because GhostSocks turns the host into a proxy node, monitor developer workstations for long-lived outbound sessions to unfamiliar hosts over which SOCKS5 traffic is relayed, and for connections leaving a workstation that carry traffic its user never generated.
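What the SOCKS5 monitoring point looks like as detection logic: a residential-proxy agent typically keeps an outbound TCP session open to the operator's relay and receives SOCKS5 greetings and CONNECT requests over it, so the workstation acts as a SOCKS5 server even though it initiated the connection. The parser below is an added example, not from the article or any GhostSocks analysis; that traffic model is an assumption, the flow records are constructed (not captured), and the corporate address range is a placeholder to tune.

```python
"""Flag connections on which a workstation is being driven as a SOCKS5 server.

Added example (not the article's or any vendor's code). Flow records and the
10.0.0.0/8 corporate range are constructed placeholders; payloads are assumed
to be single, reassembled SOCKS5 frames.
"""
import ipaddress
import struct
from dataclasses import dataclass

CMD_NAMES = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}


@dataclass
class Flow:
    local_ip: str
    remote_ip: str
    remote_port: int
    direction: str   # "in": remote -> workstation, "out": workstation -> remote
    payload: bytes


def parse_greeting(p: bytes):
    """SOCKS5 method-selection greeting: VER=5, NMETHODS, METHODS. Returns the method list or None."""
    if len(p) < 3 or p[0] != 5:
        return None
    n = p[1]
    if n == 0 or len(p) != 2 + n:
        return None
    return list(p[2:2 + n])


def parse_request(p: bytes):
    """SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT. Returns (cmd, host, port) or None."""
    if len(p) < 7 or p[0] != 5 or p[2] != 0 or p[1] not in CMD_NAMES:
        return None
    atyp = p[3]
    if atyp == 1:                       # IPv4
        if len(p) != 10:
            return None
        host, off = str(ipaddress.IPv4Address(p[4:8])), 8
    elif atyp == 3:                     # domain name, length-prefixed
        n = p[4]
        if len(p) != 5 + n + 2:
            return None
        host, off = p[5:5 + n].decode("ascii", "replace"), 5 + n
    elif atyp == 4:                     # IPv6
        if len(p) != 22:
            return None
        host, off = str(ipaddress.IPv6Address(p[4:20])), 20
    else:
        return None
    (port,) = struct.unpack_from(">H", p, off)
    return (CMD_NAMES[p[1]], host, port)


def find_proxy_sessions(flows, corporate_nets=("10.0.0.0/8",)):
    """Inbound SOCKS5 frames from outside the corporate range mean someone is proxying through us."""
    nets = [ipaddress.ip_network(n) for n in corporate_nets]
    hits = []
    for f in flows:
        if f.direction != "in":   # the workstation using a SOCKS proxy as a client is a different case
            continue
        if any(ipaddress.ip_address(f.remote_ip) in n for n in nets):
            continue
        greeting = parse_greeting(f.payload)
        request = parse_request(f.payload)
        if greeting is not None:
            hits.append((f.remote_ip, f.remote_port, "greeting", greeting))
        elif request is not None:
            hits.append((f.remote_ip, f.remote_port, "request", request))
    return hits


# Constructed sample records (documentation addresses, not real infrastructure).
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "203.0.113.10", 443, "in", b"\x05\x01\x00"),                       # greeting, no-auth
    Flow("10.1.2.3", "203.0.113.10", 443, "in",
         b"\x05\x01\x00\x03\x11login.example.com\x01\xbb"),                              # CONNECT by name
    Flow("10.1.2.3", "203.0.113.10", 443, "in", b"\x05\x01\x00\x01\xc0\x00\x02\x37\x00\x50"),  # CONNECT IPv4
    Flow("10.1.2.3", "10.9.9.9", 1080, "out", b"\x05\x01\x00"),                          # we are the client
    Flow("10.1.2.3", "203.0.113.10", 443, "in", b"HTTP/1.1 200 OK\r\n"),                 # ordinary reply
    Flow("10.1.2.3", "203.0.113.10", 443, "in", b"\x05\x01\x00\x01\x7f\x00\x00\x01"),    # truncated frame
]

if __name__ == "__main__":
    for remote, port, kind, detail in find_proxy_sessions(SAMPLE_FLOWS):
        print(f"{remote}:{port} drives this host as SOCKS5 server: {kind} {detail}")
```

On a real sensor the payloads come from TCP reassembly rather than single records, and a host that legitimately runs a SOCKS server is added to an allowlist; the signal that matters is a developer workstation answering proxy requests from an address outside the organisation, in the list of "inbound SOCKS5 from an external host" hits above.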
