Threat actors are exploiting a recent leak of the source code for Anthropic’s Claude Code, an AI coding tool, to distribute information-stealing malware through fake GitHub repositories. The leak, which occurred on March 31, 2023, exposed 513,000 lines of TypeScript because a published npm package contained the source map.
The leaked code revealed significant details about the AI agent’s functionalities and security systems. According to Zscaler, a cloud security firm, opportunistic hackers have created repositories that promote fake features of the leaked code and have optimized those repositories for search engines to attract users searching for the leak.
One malicious repository, operated by a user named “idbzoomh,” directs users to download a 7-Zip archive containing a Rust-based executable that installs the Vidar infostealer and the GhostSocks proxy tool. Researchers noted that this malicious archive is frequently updated, hinting at the potential introduction of new threats.
Additionally, another repository with a non-functional “Download ZIP” button appears to be linked to the same attackers, indicating trial and error in their distribution methods. Despite GitHub’s defenses, the platform has historically been used by cybercriminals to spread harmful payloads, particularly following major publicized events.


