VYPR advisory · Published Apr 7, 2026 · Updated May 20, 2026 · 1 source

Claude Code Packaging Error Fuels Ongoing Malware Campaign Targeting Developers

Threat actors continue to exploit a packaging error in Anthropic's Claude Code npm release to distribute Vidar, GhostSocks, and PureLog Stealer malware via fake GitHub repositories.

An active campaign exploiting a packaging error in Anthropic's Claude Code npm release is still distributing malware, according to Trend Micro Research. The attackers have set up a GitHub repository at `https://github[.]com/leaked-claude-code/leaked-claude-code`, operated by the account `idbzoomh1`, to lure developers into downloading trojanized archives. The repository has already garnered 838 stars, 1,060 forks, and at least 533 confirmed downloads as of April 7, 2026, with actual numbers likely higher due to replaced download links.

The social engineering tactic leverages the legitimate Claude Code package name, capitalizing on a known source map leak incident to trick developers into believing they are downloading a leaked version of the tool. Instead, the archive contains a Rust-compiled dropper that delivers multiple malware payloads. This campaign is part of a broader malware distribution operation active since February 2026, which has cycled through more than 25 software brands, including AI tools, crypto bots, and creative software.

The payloads delivered include Vidar, a stealer that targets browser-stored credentials, cryptocurrency wallets, and session tokens, exfiltrating data via Steam Community and Telegram dead-drop profiles. GhostSocks establishes a SOCKS5 proxy on the victim's machine, enabling attackers to tunnel traffic through compromised hosts for residential proxy abuse. PureLog Stealer, a .NET information stealer, executes entirely in memory using a multi-stage fileless loader chain to harvest Chrome credentials and cryptocurrency wallets.

The combined functionality of these payloads gives attackers multiple monetization paths from a single infection, including credential theft, cryptocurrency wallet exfiltration, session hijacking, and residential proxy abuse across Windows systems. The threat actor's email address (`blactethe1061@outlook.com`) and GitHub account (`idbzoomh1`) have been identified, with a previous account (`idbzoomh`) already blocked by GitHub.

Trend Micro recommends that organizations immediately audit npm dependency usage, verify package integrity, and enforce strict supply-chain security controls. TrendAI Vision One provides detection and blocking capabilities for the campaign's indicators of compromise, including pattern updates, behavioral detections, and web reputation blocks. Customers can also use Observed Attack Techniques (OAT) in the console to hunt for suspicious activity, such as execution of Claude Code from purported leaked versions or malicious file downloads.

This campaign highlights how quickly threat actors can exploit public attention following a software supply chain incident. The use of a legitimate brand name as a lure, combined with the distribution of multiple malware families, underscores the need for developers to verify the authenticity of software packages and for organizations to implement robust supply-chain security measures. As the campaign continues to evolve, defenders must remain vigilant and apply the recommended mitigations to prevent compromise.

Synthesized by Vypr AI