Zscaler ThreatLabz — Fake Claude Code Source Distributes Vidar & GhostSocks Malware
AI relevance: Threat actors are exploiting the recent Claude Code source code leak as a social engineering lure — distributing Vidar infostealer and GhostSocks proxy malware through a malicious GitHub repository that ranks at the top of Google search results for "leaked Claude Code," targeting AI developers and security researchers.
What Happened
- Zscaler ThreatLabz discovered a malicious GitHub repository by user idbzoomh impersonating leaked Anthropic Claude Code TypeScript source code, with a README claiming "unlocked" enterprise features and no message limits
- The repo appears at the top of Google search results for queries like "leaked Claude Code," ensuring high visibility to curious developers
- The GitHub releases section hosts an archive named "Claude Code - Leaked Source Code" (.7z) containing ClaudeCode_x64.exe, a Rust-based dropper
- On execution, the dropper installs Vidar v18.7 (information stealer) and GhostSocks (DNS-tunneling proxy that turns infected devices into proxy infrastructure)
- The threat actor actively updates the malicious archives at short intervals — ThreatLabz observed multiple updates within a 13-hour window
- A second mirror repository was identified under another account, featuring a prominent "Download ZIP" button that was non-functional at time of analysis
- This mirrors an earlier March 2026 campaign reported by Huntress that used GitHub to deliver GhostSocks — suggesting the same threat actor or a copycat operation
Why It Matters
The Claude Code source map leak (March 31, 2026) created a surge of developer interest in accessing the exposed code. Attackers quickly weaponized this curiosity, using search engine optimization to position malicious repositories above legitimate coverage. The combination of a high-profile AI tool leak with established malware infrastructure (Vidar + GhostSocks) creates a potent social engineering attack that specifically targets the developer and AI security communities most likely to search for the leak.
What To Do
- Do not download "leaked Claude Code" binaries or archives from unofficial GitHub repositories
- Verify any Claude Code source you examine against Anthropic's official npm package and public repositories
- Scan any downloaded files with multiple AV engines before execution
- Monitor for Vidar and GhostSocks IOCs in your environment (see Zscaler's IOC list)
- Be cautious of GitHub repositories that claim to offer "unlocked" or "enterprise" versions of commercial AI tools
- Use browser extensions or DNS filtering to block known malicious GitHub accounts
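As an added example (not Zscaler's code and not anything from the campaign), the following script turns the report's central red flag into a pre-extraction check: an archive advertised as TypeScript source that carries a Windows executable. It lists the entries of a ZIP without extracting them, reads only the first two bytes of each file, and flags executable extensions, nested archives, and any entry that starts with a PE (`MZ`) header even when its name ends in `.ts`. It handles ZIP only (the report's archive was 7-Zip, which would need a third-party library), and every file name and byte string in it is constructed for the demonstration.

```python
"""Pre-extraction triage for a downloaded "source code" archive.

Added example, not Zscaler's code nor anything from the campaign. It checks
the red flag in the ThreatLabz report: an archive advertised as TypeScript
source that actually ships a Windows executable (the report's archive held
ClaudeCode_x64.exe). Only ZIP input is handled; .7z would need a third-party
library. All file names and contents below are constructed for the demo.
"""
import io
import zipfile
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Things a TypeScript source tree has no business containing.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".msi", ".bat", ".cmd", ".ps1", ".lnk", ".vbs"}
NESTED_ARCHIVE_EXTENSIONS = {".zip", ".7z", ".rar", ".iso"}
SOURCE_EXTENSIONS = {".ts", ".tsx", ".js", ".mjs", ".json", ".md"}
PE_MAGIC = b"MZ"  # DOS/PE header present on every Windows executable


@dataclass
class TriageResult:
    flagged: list = field(default_factory=list)  # (entry name, reason)
    source_files: int = 0

    @property
    def suspicious(self) -> bool:
        return bool(self.flagged)


def triage_zip(archive_bytes: bytes) -> TriageResult:
    """Inspect entries without extracting; read only 2 bytes per file."""
    result = TriageResult()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffix = PurePosixPath(info.filename).suffix.lower()
            reasons = []
            if suffix in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {suffix}")
            if suffix in NESTED_ARCHIVE_EXTENSIONS:
                reasons.append("nested archive")
            # Magic-byte check catches a binary renamed to look like source.
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))
            if head == PE_MAGIC:
                reasons.append("PE (MZ) header regardless of name")
            if reasons:
                result.flagged.append((info.filename, "; ".join(reasons)))
            if suffix in SOURCE_EXTENSIONS:
                result.source_files += 1
    return result


def build_archive(entries: dict) -> bytes:
    """Construct an in-memory ZIP from {name: bytes} (demo helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample mimicking the pattern in the report; fake bytes only.
FAKE_LURE = build_archive({
    "README.md": b"# Claude Code - unlocked enterprise build\n",
    "src/index.ts": b"export const version = '1.0';\n",
    "ClaudeCode_x64.exe": PE_MAGIC + b"\x00" * 62,  # PE-like header, not a real program
    "lib/helper.ts": PE_MAGIC + b"\x00" * 30,       # binary disguised with a source extension
})
CLEAN_SOURCE = build_archive({
    "package.json": b'{"name": "demo"}\n',
    "src/index.ts": b"export {};\n",
})

if __name__ == "__main__":
    for label, blob in (("lure", FAKE_LURE), ("clean", CLEAN_SOURCE)):
        r = triage_zip(blob)
        print(f"{label}: suspicious={r.suspicious} source_files={r.source_files}")
        for name, why in r.flagged:
            print(f"  flagged {name}: {why}")
```

Run it on a downloaded archive with `triage_zip(open(path, "rb").read())` before anything is extracted; a non-empty `flagged` list is reason to stop and submit the file for multi-engine scanning rather than open it.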