
Claude Code Source Code Leak Weaponized to Distribute Vidar Infostealer Malware on GitHub

Threat actors have exploited the recent leak of Claude Code's source code to distribute Vidar information-stealing malware through fake GitHub repositories, according to a report from BleepingComputer. Following the circulation of Claude Code's source files online, attackers created fraudulent repositories claiming to offer the leaked code. Users who downloaded from these repositories instead received Vidar, a widely-used infostealer capable of harvesting browser credentials, cryptocurrency wallets, session tokens, and other sensitive data from infected machines.

The tactic is a classic example of malware operators capitalizing on high-interest security or technology events to draw in victims. The Claude Code leak generated significant attention in developer communities, making it an attractive lure for anyone curious about the leaked software.

Vidar is a mature infostealer sold as malware-as-a-service and has been deployed in numerous campaigns over the past several years. It typically exfiltrates credentials and sends them to attacker-controlled servers before deleting itself.

Anthropic has not publicly commented on the original Claude Code source code leak. The company's development tool, Claude Code, is a terminal-based AI coding assistant that has grown rapidly in adoption among software engineers.

Security researchers recommend that anyone who downloaded code from unofficial sources claiming to contain Claude Code's source files should immediately scan their systems for compromise, rotate credentials, and audit recent account activity across developer platforms and financial services.
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from BleepingComputer and reviewed by the T&B editorial agent team.