Hackers are using Anthropic’s Claude Code source leak as bait to spread malware. Within hours of the accidental exposure on March 31, 2026, threat actors set up fake GitHub repositories designed to trick developers into downloading credential-stealing payloads disguised as the leaked codebase.
The leak happened because of a packaging error, as TechJuice reported earlier. Anthropic accidentally included a 59.8 MB JavaScript source map file in the public npm package for Claude Code, its terminal-based AI coding assistant.
The file contained over 513,000 lines of unobfuscated TypeScript across 1,906 files, exposing the tool’s internal orchestration logic, permission layers, execution systems and hidden feature flags. There were no AI model weights or user data. Security researcher Chaofan Shou disclosed the leak on social media. The code was rapidly mirrored on GitHub and forked tens of thousands of times.
Zscaler’s ThreatLabz researchers identified a malicious repository titled “Leaked Claude Code” that claimed to offer a rebuilt fork with unlocked enterprise features and no usage limits. Before removal, the link appeared near the top of Google search results.
Users who downloaded it received a 7-Zip archive containing a Rust-based executable named ClaudeCode_x64.exe. When launched, it deployed Vidar v18.7, a known information stealer that collects browser data, saved passwords, cookies and cryptocurrency wallet details. It also deployed GhostSocks, which turns infected machines into residential proxies for routing malicious traffic.
Earlier in March, Huntress detected a similar campaign using fake OpenClaw installers on GitHub to deliver the same Vidar and GhostSocks combination. Attackers are also typosquatting the internal npm package names referenced in the leaked source to stage dependency confusion attacks: a developer who tries to build the code and lets npm resolve those names from the public registry pulls the attacker's package instead.
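One check a developer can run before building anything from the leaked tree is to audit the lockfile for packages that resolved from a registry other than the one their scope should come from. The script below is an added example, not code from the article or from Anthropic; the `@acme` scope, the private registry URL and the sample lockfile entries are placeholders constructed for illustration.

```javascript
// Added example (not from the article or from Anthropic): scan a
// package-lock.json (lockfileVersion 2/3 "packages" format) and flag
// dependencies whose "resolved" URL does not match the registry expected
// for their scope. An internal-scope package that resolved from the public
// registry is the classic dependency-confusion signature.
const ALLOWED_REGISTRIES = {
  // Assumption: internal packages live under an "@acme" scope served by a
  // private registry; everything else may come from npmjs.org.
  "@acme": "https://npm.internal.example/",
  "*": "https://registry.npmjs.org/",
};

// "@acme/foo" -> "@acme"; unscoped names -> "*".
function scopeOf(name) {
  return name.startsWith("@") ? name.split("/")[0] : "*";
}

// Recovers the package name from a lockfile path such as
// "node_modules/a/node_modules/@acme/b" -> "@acme/b".
function nameFromPath(entryPath, entry) {
  if (entry.name) return entry.name;
  const marker = "node_modules/";
  return entryPath.slice(entryPath.lastIndexOf(marker) + marker.length);
}

// Returns a list of {name, version, resolved, reason} findings.
function auditLockfile(lock) {
  const findings = [];
  for (const [entryPath, entry] of Object.entries(lock.packages || {})) {
    if (entryPath === "") continue; // the root project itself
    const name = nameFromPath(entryPath, entry);
    const expected = ALLOWED_REGISTRIES[scopeOf(name)] || ALLOWED_REGISTRIES["*"];
    const resolved = entry.resolved || "";
    if (!resolved) {
      // No pinned source (e.g. a workspace link or a hand-edited lockfile).
      findings.push({ name, version: entry.version, resolved, reason: "no resolved URL" });
    } else if (!resolved.startsWith(expected)) {
      findings.push({ name, version: entry.version, resolved, reason: `expected ${expected}` });
    }
  }
  return findings;
}

// Constructed sample lockfile: one clean public package, one internal
// package that silently resolved from the public registry, and one
// package pulled from an arbitrary tarball URL.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "leaked-build", version: "0.0.0" },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
    "node_modules/@acme/internal-utils": {
      version: "9.9.9",
      resolved: "https://registry.npmjs.org/@acme/internal-utils/-/internal-utils-9.9.9.tgz",
    },
    "node_modules/some-helper": {
      version: "1.0.0",
      resolved: "https://example.com/some-helper.tgz",
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version}: ${f.resolved || "(none)"} -> ${f.reason}`);
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. A finding for an internal scope does not by itself prove compromise, but it means a build would have fetched attacker-controlled code, and the same scope should be pinned to the private registry in `.npmrc` so npm never consults the public one for it.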
Users who installed or updated Claude Code via npm on March 31 between 00:21 and 03:29 UTC (05:21 to 08:29 Pakistan Standard Time) face an additional risk: during that window, malicious actors also distributed a trojanized HTTP client containing a remote access trojan. Those users should downgrade immediately and rotate all credentials.

