SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Claude Source Code Leaked? But Watch Out for What You Might be Downloading
Date    Monday April 06, @04:11PM
Author    hubie
Topic   
from the dept.
https://soylentnews.org/article.pl?sid=26/04/05/0226201

Claude source code leaked?

coolgopher writes:

The date makes it suspicious, but both the accidental publishing of source and the tear down sounds all too plausible.

https://neuromatch.social/@jonny/116324676116121930

What's anthropic going to do, sue them? Insist in court that LLM recreating copyrighted code is a violation of copyright???

The 1 Apr Download of 'Leaked' Claude Code Source Contains Malware

Arthur T Knackerbracket writes:

Source code with a side of Vidar stealer and GhostSocks

Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.

A malicious GitHub repository published by idbzoomh uses the Claude Code exposure as a lure to trick people into downloading malware, including Vidar, an infostealer that snarfs account credentials, credit card data, and browser history; and GhostSocks, which is used to proxy network traffic. 

Zscaler's ThreatLabz researchers came across the repo while monitoring GitHub for threats, and said it's disguised as a leaked TypeScript source code for Anthropic's Claude Code CLI. 

"The README file even claims the code was exposed through a .map file in the npm package and then rebuilt into a working fork with 'unlocked' enterprise features and no message limits," the security sleuths said in a Thursday blog.

They added that the GitHub repository link appeared near the top of Google results for searches like "leaked Claude Code." While that was no longer the case at The Register's time of publication, at least two of the developer's trojanized Claude Code source leak repos remained on GitHub, and one of them had 793 forks and 564 stars.

[...] In March, security shop Huntress warned about a similar malware campaign using OpenClaw, the already risky AI agent platform, as a GitHub lure to deliver the same two payloads.

Both of these illustrate how quickly criminals move to take a buzzy new product or news event (like OpenClaw and the Claude Code leak) and then abuse it for online scams and financial gain. "That kind of rapid movement increases the chance of opportunistic compromise, especially through trojanized repositories," the Zscaler team wrote.

The blog also includes a list of indicators of compromise, including the GitHub repositories with the trojanized Claude Code leak and malware hashes to help defenders in their threat-hunting efforts, so be sure to check that out - and, as always, be careful what you download. ®

Original Submission #1Original Submission #2

Links
  1. "coolgopher" - https://soylentnews.org/~coolgopher/
  2. "Arthur T Knackerbracket" - https://soylentnews.org/~Arthur+T+Knackerbracket/
  3. "Source code with a side of Vidar stealer and GhostSocks" - https://www.theregister.com/2026/04/02/trojanized_claude_code_leak_github/
  4. "Claude Code exposure" - https://www.theregister.com/2026/03/31/anthropic_claude_code_source_code/
  5. "Vidar" - https://www.theregister.com/2026/01/06/50_global_orgs_hacked/
  6. "GhostSocks" - https://malpedia.caad.fkie.fraunhofer.de/details/win.ghostsocks
  7. "said" - https://www.zscaler.com/blogs/security-research/anthropic-claude-code-leak
  8. "similar malware campaign using OpenClaw" - https://www.theregister.com/2026/03/04/fake_openclaw_installers_malware/
  9. "Original Submission #1" - https://soylentnews.org/submit.pl?op=viewsub&subid=68320
  10. "Original Submission #2" - https://soylentnews.org/submit.pl?op=viewsub&subid=68309
© Copyright 2026 - SoylentNews, All Rights Reserved

printed from SoylentNews, Claude Source Code Leaked? But Watch Out for What You Might be Downloading on 2026-04-22 23:37:00