Claude Code Leak Used to Push Infostealer Malware on GitHub

The recent exposure of Anthropic’s Claude Code has created a fertile hunting ground for cybercriminals seeking to weaponize AI tools. By repackaging the leaked source as seemingly legitimate GitHub repositories, attackers bypass traditional security checks that rely on reputation and known signatures. The Vidar infostealer, already notorious for harvesting browser credentials, cookies, and system information, now enjoys a streamlined delivery mechanism that reaches developers directly at the point of code acquisition. This tactic reflects a growing trend where threat actors exploit open‑source and AI‑related leaks to embed malware in the software supply chain, blurring the line between legitimate innovation and malicious code.

From a defensive standpoint, organizations must rethink their intake controls for third‑party code. Automated scanning tools should be complemented with provenance verification, such as checking repository ownership, commit histories, and digital signatures. Endpoint protection that monitors anomalous behavior—like unexpected network connections or attempts to access credential stores—can catch Vidar’s activity before data exfiltration occurs. Moreover, educating developers about the risks of cloning unknown repositories and encouraging the use of vetted package managers can reduce the attack surface.

The Claude Code incident also raises broader questions about the responsibility of AI developers in safeguarding their code. Prompt disclosure, coordinated vulnerability handling, and rapid takedown of malicious forks are essential to limit the window of exploitation. As AI agents become more capable of interacting directly with operating systems, the potential impact of their misuse will only grow, making proactive supply‑chain security a strategic imperative for the tech industry.