What's Happening?
A malicious GitHub repository has been discovered distributing malware disguised as the leaked source code for Anthropic's Claude Code. The repository, published by a user named idbzoomh, tricked users into downloading malware, including Vidar, an infostealer that collects account credentials and credit card data, and GhostSocks, which proxies network traffic through infected machines. Zscaler's ThreatLabz researchers identified the repository while monitoring GitHub for threats. The repository falsely claimed to offer a rebuilt version of Claude Code with 'unlocked' enterprise features. Despite being removed from top search results, the repository had already been forked 793 times. The campaign highlights how quickly cybercriminals exploit new products and news events as lures.
Why It's Important?
This incident underscores the persistent threat of cybercrime, particularly in exploiting popular or trending topics to distribute malware. The use of GitHub, a widely trusted platform for developers, as a vector for malware distribution poses significant risks to individuals and organizations. The malware's ability to steal sensitive information and use infected devices as proxies can lead to severe financial and privacy breaches. This event serves as a reminder of the importance of cybersecurity vigilance and the need for robust threat detection and response mechanisms. It also highlights the challenges in maintaining the security of open-source platforms.