They thought they were downloading Claude Code source. They got a nasty dose of malware instead

Summary

Malicious actors are distributing malware disguised as leaked source code for Anthropic's Claude AI. Tens of thousands of users downloaded these compromised files, which contained the Vidar stealer and GhostSocks malware and were intended to steal credentials.

IFF Assessment

FOE

Malware disguised as legitimate code poses a direct threat to users and organizations, enabling attackers to steal credentials.

Defender Context

This incident highlights a growing trend of threat actors leveraging popular AI models and their associated code as bait for social engineering attacks. Defenders should educate users about the risks of downloading unverified code and emphasize the importance of using official software sources to prevent malware infections.
