Alert Across the Internet! Claude Code Source Code Leak Triggers "Secondary Disaster": Hackers Set GitHub Phishing Traps

marsbit, published 2026-04-03, updated 2026-04-03

Summary

A major security alert is circulating online following the accidental leak of Claude Code's source code by Anthropic. Hackers are exploiting the incident by creating fake GitHub repositories that distribute the information-stealing malware known as **Vidar**. Posing as a user named `idbzoomh`, the threat actor set up multiple repositories claiming to offer "unlocked enterprise features" from the leaked source code. These repositories are optimized for search engines to appear at the top of results for queries like “Claude Code leak,” increasing their reach. If a user downloads and executes the provided files, the Vidar malware is deployed. It is a sophisticated stealer designed to harvest sensitive data such as browser credentials, cryptocurrency wallets, and personal information. The attack also installs **GhostSocks**, a proxy tool that establishes hidden communication channels for remote control and data exfiltration. Security firm Zscaler notes that these malicious repositories update frequently, making it easier to bypass basic security scans. At least two similar repositories have been identified, suggesting the same attacker is testing different distribution methods. This incident highlights the compound risks in the AI era, where initial human error leads to secondary threats like social engineering. Developers are urged to obtain software only through official channels and avoid executing untrusted binaries.

According to an April 2nd report, the Claude Code source code leak caused by human error at Anthropic continues to escalate. Hackers are now exploiting the attention around the incident to spread an information-stealing malware named Vidar through fake repositories on GitHub.

Upgraded Bait: Claiming to "Unlock Enterprise-Level Features"

Monitoring reports from security company Zscaler show that a user named idbzoomh has created multiple fake repositories on GitHub.

  • Precision Phishing: The hacker claims in the repository description to provide leaked source code that "unlocks enterprise features," luring eager developers to download it.

  • SEO Optimization: To maximize the impact, the attackers optimized for search engine keywords, causing these malicious repositories to often rank at the top when users search for terms like "Claude Code leak".

Virus Profile: Vidar Infiltrates, Data "Relocated"

Once users are deceived into downloading and running the executables contained in the archive, the system is quickly compromised:

  • Information Theft: The implanted Vidar is a highly mature malware on the dark web, specifically designed to harvest browser account passwords, cryptocurrency wallets, and various types of sensitive personal information.

  • Persistent Foothold: The malware also deploys the GhostSocks proxy tool, which sets up a covert channel for subsequent remote control and data exfiltration.

Risk Warning: Beware of "Free Lunches" from Unofficial Channels

Security researchers point out that the malicious archive files in these fake repositories are updated extremely frequently, which lets them slip past basic security scans that rely on previously seen samples. At least two repositories using similar tactics have been discovered so far, suspected to be the same attacker testing different distribution strategies.

Industry Observation: The "Chain of Traps" in AI Security

From Anthropic's source code packaging mistake to hackers then exploiting the resulting attention for phishing, this incident reflects the layered nature of security risks in the AI era. When the developer community itself becomes the target, basic digital hygiene (not running binaries from unknown sources) remains the last line of defense.

Editors remind all developers: obtain tools only through official Anthropic channels. Do not walk into traps carefully laid by hackers out of curiosity or the pursuit of "cracked features."

Related Questions

Q: What is the primary malware being distributed through the fake GitHub repositories related to the Claude Code leak?

A: The primary malware being distributed is called Vidar, which is a sophisticated information-stealing malware known for harvesting browser credentials, cryptocurrency wallets, and other sensitive personal data.

Q: How are the attackers making their fake GitHub repositories more visible to potential victims?

A: The attackers are using Search Engine Optimization (SEO) techniques by including popular keywords like 'Claude Code leak' in the repository descriptions, causing these malicious repositories to appear at the top of search results.

Q: What additional tool does the Vidar malware deploy on an infected system to maintain persistence and enable data exfiltration?

A: The Vidar malware also deploys a tool called GhostSocks, which is a proxy utility that creates a secret channel for remote control and ongoing data exfiltration from the compromised system.

Q: What human error at Anthropic initially led to the situation that hackers are exploiting?

A: The initial event was a source code leak of Claude Code caused by a human error at Anthropic, where the code was mistakenly made available, creating the opportunity for hackers to use it as a lure.

Q: What is the main advice from security researchers to developers to avoid falling victim to these traps?

A: The main advice is to only obtain tools through official Anthropic channels and to avoid downloading or running binary files from unverified sources, emphasizing that basic digital hygiene is the last line of defense.
