Hacker Exploits Claude AI Leak, Spreads Vidar Malware via Fake GitHub Repository

JAKARTA - A source code leak involving Anthropic has been used by cybercriminals to launch a large-scale malware attack. The campaign targets developers who are curious about the latest AI technology.

The incident began with a "technical error" during the release of new software, which exposed some code from Claude Code - Anthropic's terminal-based coding tool - to the public. Although it was not the result of a hack, the impact is now much more serious.

The hackers quickly capitalized on the momentum by creating a fake repository on GitHub that claimed to provide an "unlocked" or "enterprise" version of Claude Code. Instead of getting a sophisticated AI tool, users downloaded malware.

One actor, using the alias "dbzoomh", even managed to optimize his fake repository to appear on the first page of Google searches for keywords such as "leaked Claude Code" - increasing the chances of victims being trapped.

In the attack scenario, users are directed to download a 7-Zip archive file containing an executable named ClaudeCode_x64.exe. This file turns out to carry two main threats: Vidar and GhostSocks.

Vidar is an infostealer, a type of malware capable of stealing sensitive data such as passwords, browser cookies, and cryptocurrency wallet information. GhostSocks, meanwhile, turns the victim's device into a proxy, which can then be used for other illegal activities on the dark web.

This incident adds to the list of security problems that Anthropic is currently facing. Previously, researchers from Koi Security found a flaw called "ShadowPrompt" in the Claude Chrome extension that allowed data theft without user interaction (zero-click). In addition, the Oasis research group revealed another series of vulnerabilities dubbed "Cloudy Day".

Although Anthropic is moving quickly to patch the gaps in its official products, the company has no control over the distribution of fake versions circulating on public platforms such as GitHub.

The surge in popularity of AI tools like Claude has also expanded the attack surface. Amid high demand, Anthropic even limited the use of its system during peak hours - an opening that hackers used to offer an "unlimited" version as bait.

Security analysts see this pattern as a serious warning for the industry. As AI adoption rises sharply, so does the risk of exploitation based on social engineering.
