Skip to main content

Hackers Exploit Claude Code Leak in Sophisticated GitHub Phishing Scheme

Claude Code Source Code Leak Sparks Developer Security Crisis

A human error at Anthropic has turned into a hacker's goldmine, with over 513,000 lines of front-end source code for the Claude Code AI tool accidentally exposed online. Within days, cybercriminals launched an elaborate phishing campaign targeting curious developers.

The GitHub Trap

Security analysts have identified multiple fake repositories popping up on GitHub, all promising exclusive access to the leaked code. One particularly active account, idbzoomh, has been luring developers with promises of "unlocked enterprise features" and "complete leaked versions."

"These aren't your average phishing attempts," explains cybersecurity researcher Mark Chen. "The attackers have gone to extraordinary lengths to make their repositories appear legitimate, even optimizing them to rank high in search results for related queries."

The Vidar Threat

The bait comes with a dangerous hook: any downloaded files secretly install Vidar malware. This sophisticated trojan specializes in:

  • Stealing browser credentials and session cookies
  • Harvesting cryptocurrency wallet information
  • Capturing sensitive system credentials
  • Installing additional payloads through proxy tools like GhostSocks

What makes this campaign particularly concerning is how quickly the attackers adapt. Security teams report seeing repository updates sometimes multiple times per day as hackers test new distribution strategies.

Protecting Yourself

Anthropic has issued urgent warnings advising developers to:

  1. Only download tools from official company channels
  2. Verify repository ownership before cloning or downloading
  3. Be extremely wary of any "leaked" or "cracked" versions
  4. Keep security software updated with the latest threat definitions

The company is working with GitHub to take down fraudulent repositories, but new ones appear as quickly as old ones get removed.

Key Points:

  • Massive Exposure: Over 500k lines of Claude Code source code accidentally leaked
  • Sophisticated Lure: Hackers created convincing fake GitHub repositories
  • Dangerous Payload: Downloads install Vidar trojan that steals sensitive data
  • SEO Trickery: Malicious repos optimized to appear in top search results
  • Ongoing Threat: Attackers continuously update their methods and distribution channels

Enjoyed this article?

Subscribe to our newsletter for the latest AI news, product reviews, and project recommendations delivered to your inbox weekly.

Weekly digestFree foreverUnsubscribe anytime

Related Articles

Google's Gemma4 Goes Truly Open: What It Means for Developers
News

Google's Gemma4 Goes Truly Open: What It Means for Developers

Google has taken a bold step with its latest AI model Gemma4, adopting the Apache 2.0 license to give developers unprecedented freedom. This marks a significant shift from previous restrictive policies, allowing commercial use and modification without legal hurdles. The new model boasts improved performance and seamless integration with existing developer tools, potentially leveling the playing field for smaller companies in the AI race.

April 3, 2026
Gemma4Open Source AIGoogle
News

Microsoft Bets Big on Homegrown AI to Challenge Industry Leaders

Microsoft is making an aggressive push into developing its own AI models, aiming to compete head-to-head with OpenAI and Anthropic by 2027. The tech giant is investing heavily in computing power with NVIDIA's latest chips and has already seen promising results with a new speech transcription model. This strategic shift comes after Microsoft gained more independence from its partnership with OpenAI, signaling its ambition to become a leader rather than just an integrator of AI technology.

April 3, 2026
MicrosoftAI DevelopmentTech Competition
Anthropic's Conway: Claude Gets Its Own Workspace and App Store
News

Anthropic's Conway: Claude Gets Its Own Workspace and App Store

Anthropic is developing Conway, a persistent agent solution that transforms Claude into an always-on AI assistant. Unlike traditional chatbots, Conway operates as an independent workspace with browser control, webhook triggers, and a coming extension system. This upgrade could position Claude as a serious competitor in the AI agent space, blurring the line between chatbot and digital assistant.

April 2, 2026
AI AgentsAnthropicClaude AI
News

Google's Gemma 4: A Powerhouse AI Model Set to Shake Up Open-Source Landscape

Google is gearing up to unveil Gemma 4, its next-generation open-source AI model that promises four times the parameters of its predecessor. With a rumored 120 billion parameters and innovative MoE architecture, this release marks Google's strategic move to reclaim influence in the open-source AI space. The tech world watches closely as this development could redefine the balance between commercial and open-source AI models.

April 2, 2026
AI DevelopmentOpen Source TechMachine Learning
Ant Group and Tsinghua Unveil Open-Source Security Shield for AI Agents
News

Ant Group and Tsinghua Unveil Open-Source Security Shield for AI Agents

Ant Group's AI Security Lab and Tsinghua University have released ClawAegis, a groundbreaking security plugin for OpenClaw-type AI agents. This lightweight solution tackles risks like skill poisoning and data contamination across an agent's entire lifecycle. The tool offers real-time threat detection while maintaining transparency for end users - a significant step toward safer autonomous systems.

April 2, 2026
AI SecurityOpen SourceAutonomous Agents
ClawHub's China Mirror Site Goes Live - AI Developers Rejoice!
News

ClawHub's China Mirror Site Goes Live - AI Developers Rejoice!

ClawHub, the popular 'npm for AI Agents,' has launched its official Chinese mirror site, bringing faster access and better stability for domestic developers. The new mirror at https://mirror-cn.clawhub.com solves previous network latency issues, making it easier than ever to share and discover AI skills. Sponsored by ByteDance's VolcanoEngine, this move signals growing localization in the AI Agent ecosystem.

April 1, 2026
AI DevelopmentOpen SourceMachine Learning

Popular Articles

1

TSMC Reports Record Revenue, AI Growth Fuels Optimism for 2025

News2

LoveGen AI: Your Creative Sidekick for Instant Images & Videos

Products3

ChatGPT Atlas - AI-Powered Browser

Products4

Nvidia Introduces New AI Safety Features for Chatbots

News5

Wittro: Undetectable AI Assistant for Interviews & Meetings

Products