
"A malicious GitHub repository published by idbzoomh uses the Claude Code exposure as a lure to trick people into downloading malware, including Vidar, an infostealer that snarfs account credentials, credit card data, and browser history; and GhostSocks, which is used to proxy network traffic."
"The README file even claims the code was exposed through a .map file in the npm package and then rebuilt into a working fork with 'unlocked' enterprise features and no message limits."
"Once it's executed, the malware drops Vidar v18.7 and GhostSocks onto users' machines, and then the Vidar stealer gets to work collecting sensitive data while GhostSocks turns infected devices into proxy infrastructure."
Tens of thousands of people downloaded the leaked Claude Code source code, and a malicious GitHub repository used that leak as a lure to distribute malware. The repository, posing as the TypeScript source of the Claude Code CLI, contained a Rust-based dropper that installed Vidar, an infostealer, and GhostSocks, a proxy tool. Researchers found the repository ranked highly in Google searches for 'leaked Claude Code.' The malware harvests sensitive data and turns infected devices into proxy infrastructure for criminal activity, showing how quickly cybercriminals exploit trending technologies.
Read at Theregister