Malware And CampaignsCampaign

Leaked Claude Code on GitHub used to deliver Vidar Stealer and GhostSocks malware

April 6, 2026Threat Intelligence, Trend Micro Research

Threat Intelligence and Trend Micro Research warn that attackers used leaked Claude Code bait in fake GitHub repos to distribute Vidar Stealer and GhostSocks, illustrating a supply chain style lure built on stolen source code and brand trust.

Open in PulseSee the full authority discussion →

QUOTES

Cybercriminals bait users with leaked #Anthropic #Claude Code on GitHub to deliver #Vidar Stealer

After a Claude Code packaging error became public, threat actors quickly launched fake GitHub repos to spread Vidar and GhostSocks malware.

The incident shows how trust in platforms and brands can be weaponized without exploiting a vulnerability:

The incident shows how trust in platforms and brands can be weaponized without exploiting a vulnerability

VOICES

Threat Intelligence

Trend Micro Research

RELATED TERMS

githubinfostealersupply chainclaudegithubsupply chainclaude codesource code

OTHER FINDINGS IN MALWARE AND CAMPAIGNS

Axios npm package compromise, WAVESHAPER.V2 cross platform RAT Handala Hack Telegram threat claiming imminent Lockheed Martin data leak Telnyx PyPI compromise (TeamPCP) shipping malware in telnyx 4.87.1/4.87.2

AMYGDALA PULSE

See what authorities are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new authority voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security