Fake Claude Code Leak On GitHub Pushes Vidar Malware
Bitdefender, Friday, April 3rd, 2026
Threat actors are capitalizing on the recent exposure of Anthropic's Claude Code source to lure curious developers into downloading malware from fake GitHub repositories.
The campaign piggybacks on the intense interest that followed the March 31 packaging mistake, when a source map in the npm release exposed more than 500,000 lines of readable TypeScript tied to the terminal-based coding agent.
That visibility appears to have created the perfect conditions for opportunistic abuse. Security researchers say attackers quickly reframed the leak as a scarce, 'unlocked' or unrestricted build, using GitHub as the staging ground for booby-trapped downloads aimed at users searching for the exposed code.