Alert Across the Internet! Claude Code Source Code Leak Triggers "Secondary Disaster": Hackers Set GitHub Phishing Traps

marsbit, published 2026-04-03, updated 2026-04-03

Summary

A major security alert is circulating online following the accidental leak of Claude Code's source code by Anthropic. Hackers are exploiting the incident by creating fake GitHub repositories that distribute the information-stealing malware known as **Vidar**. Posing as a user named `idbzoomh`, the threat actor set up multiple repositories claiming to offer "unlocked enterprise features" from the leaked source code. These repositories are optimized for search engines to appear at the top of results for queries like “Claude Code leak,” increasing their reach. If a user downloads and executes the provided files, the Vidar malware is deployed. It is a sophisticated stealer designed to harvest sensitive data such as browser credentials, cryptocurrency wallets, and personal information. The attack also installs **GhostSocks**, a proxy tool that establishes hidden communication channels for remote control and data exfiltration. Security firm Zscaler notes that these malicious repositories update frequently, making it easier to bypass basic security scans. At least two similar repositories have been identified, suggesting the same attacker is testing different distribution methods. This incident highlights the compound risks in the AI era, where initial human error leads to secondary threats like social engineering. Developers are urged to obtain software only through official channels and avoid executing untrusted binaries.

According to an April 2nd report, the Claude Code source code leak incident caused by an Anthropic human error continues to escalate. Currently, hackers have exploited this hot topic to spread information-stealing malware named Vidar via fake repositories on GitHub.

Upgraded Bait: Claiming to "Unlock Enterprise-Level Features"

Monitoring reports from security company Zscaler show that a user named idbzoomh has created multiple fake repositories on GitHub.

  • Precision Phishing: The hacker claims in the repository description to provide leaked source code that "unlocks enterprise features," luring eager developers to download it.

  • SEO Optimization: To maximize the impact, the attackers optimized for search engine keywords, causing these malicious repositories to often rank at the top when users search for terms like "Claude Code leak".

Virus Profile: Vidar Infiltrates, Data "Relocated"

Once users are deceived into downloading and running the executable files it contains, the system is quickly compromised:

  • Information Theft: The implanted Vidar is a highly mature information stealer circulating on the dark web, specifically designed to harvest browser account passwords, cryptocurrency wallets, and various types of sensitive personal information.

  • Persistent Lurking: The malware also deploys the GhostSocks proxy tool at the same time, setting up a covert channel for subsequent remote control and data exfiltration.

Risk Warning: Beware of "Free Lunches" from Unofficial Channels

Security researchers point out that the malicious compressed files in these fake repositories are updated at an extremely high frequency, allowing them to slip past basic security detection. At least two repositories with similar tactics have been discovered so far, suspected to be tests of different propagation strategies by the same attacker.

Industry Observation: The "Chain Set" of AI Security

From Anthropic's source code packaging mistake to hackers secondarily exploiting the hot topic for phishing, this incident reflects the complexity of security risks in the AI era. When the developer community becomes the target of attacks, basic digital literacy—not running binaries from unknown sources—remains the last line of defense.

Editors remind all developers: Please be sure to obtain tools through official Anthropic channels. Do not fall into the traps carefully designed by hackers out of curiosity or the pursuit of "cracked features."
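The lure traits the article lists (an unofficial owner, a description promising leaked or "unlocked enterprise" features, a freshly created repository, binary or archive downloads, and releases re-published at high frequency) can be turned into a pre-download triage check. The following is an added example, not code from Zscaler, Anthropic or the article; it assumes `anthropics` is Anthropic's GitHub organisation and uses constructed sample metadata in the shape of the GitHub REST API.

```python
"""Triage of a GitHub repo claiming to ship 'leaked' Claude Code (added example,
not Zscaler's, Anthropic's or the article's code). Scores metadata in the GitHub
REST API shape (repo: owner.login, description, created_at; release: published_at,
assets[].name) against the lure traits the article describes."""
import re
from datetime import datetime, timedelta, timezone

OFFICIAL_OWNERS = {"anthropics"}  # assumption: Anthropic's GitHub organisation
LURE = re.compile(r"\b(leak(?:ed)?|unlock(?:ed|s)?|crack(?:ed)?|enterprise)\b", re.I)
RISKY_EXT = (".exe", ".msi", ".scr", ".bat", ".zip", ".rar", ".7z")


def parse_ts(s: str) -> datetime:
    """GitHub API timestamps are ISO-8601 UTC, e.g. 2026-04-01T10:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage(repo: dict, releases: list, now: datetime) -> list:
    """Return the red flags found; an empty list means nothing fired."""
    flags = []
    owner = repo["owner"]["login"]
    if owner not in OFFICIAL_OWNERS:
        flags.append(f"owner '{owner}' is not the official Anthropic organisation")
    if LURE.search(repo.get("description") or ""):
        flags.append("description advertises leaked/unlocked/enterprise features")
    if now - parse_ts(repo["created_at"]) < timedelta(days=30):
        flags.append("repository created less than 30 days ago")
    names = [a["name"] for r in releases for a in r["assets"]]
    risky = [n for n in names if n.lower().endswith(RISKY_EXT)]
    if risky:
        flags.append("downloadable binaries/archives: " + ", ".join(risky))
    # The article's 'updated at extremely high frequency' pattern.
    stamps = sorted(parse_ts(r["published_at"]) for r in releases)
    if len(stamps) >= 3 and stamps[-1] - stamps[0] <= timedelta(days=7):
        flags.append(f"{len(stamps)} releases published within 7 days")
    return flags


# Constructed sample metadata mimicking a lure repository (not real data).
FAKE_REPO = {"owner": {"login": "example-lure-user"},
             "description": "Claude Code leak - unlocked enterprise features",
             "created_at": "2026-03-30T09:00:00Z"}
FAKE_RELEASES = [
    {"published_at": "2026-03-31T08:00:00Z", "assets": [{"name": "claude-code-enterprise.zip"}]},
    {"published_at": "2026-04-01T11:30:00Z", "assets": [{"name": "claude-code-enterprise.zip"}]},
    {"published_at": "2026-04-02T07:15:00Z", "assets": [{"name": "setup.exe"}]},
]
NOW = datetime(2026, 4, 3, 12, 0, tzinfo=timezone.utc)
```

Calling `triage(FAKE_REPO, FAKE_RELEASES, NOW)` fires all five flags on the constructed lure; a repository under the official organisation with no lure wording, an older creation date and no binary releases returns an empty list.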

Related Questions

Q: What is the primary malware being distributed through the fake GitHub repositories related to the Claude Code leak?

A: The primary malware being distributed is called Vidar, which is a sophisticated information-stealing malware known for harvesting browser credentials, cryptocurrency wallets, and other sensitive personal data.

Q: How are the attackers making their fake GitHub repositories more visible to potential victims?

A: The attackers are using Search Engine Optimization (SEO) techniques by including popular keywords like 'Claude Code leak' in the repository descriptions, causing these malicious repositories to appear at the top of search results.

Q: What additional tool does the Vidar malware deploy on an infected system to maintain persistence and enable data exfiltration?

A: The Vidar malware also deploys a tool called GhostSocks, which is a proxy utility that creates a secret channel for remote control and ongoing data exfiltration from the compromised system.

Q: What human error at Anthropic initially led to the situation that hackers are exploiting?

A: The initial event was a source code leak of Claude Code caused by a human error at Anthropic, where the code was mistakenly made available, creating the opportunity for hackers to use it as a lure.

Q: What is the main advice from security researchers to developers to avoid falling victim to these traps?

A: The main advice is to only obtain tools through official Anthropic channels and to avoid downloading or running binary files from unverified sources, emphasizing that basic digital hygiene is the last line of defense.
