Cybercriminals Leverage Anthropic's Source Code Leak to Distribute Malware

This leak highlights significant vulnerabilities in AI development practices and the potential for cybercriminals to exploit them.

• On March 31, 2026, Anthropic accidentally leaked 512,000 lines of its Claude Code source code, leading to a surge in interest and forking on GitHub.
• Cybercriminals quickly capitalized on this by creating fake repositories that distributed Vidar infostealer and GhostSocks malware.
• Zscaler ThreatLabz identified these threats, prompting GitHub to remove malicious accounts, but the dynamic nature of the malware poses ongoing risks.

• Prior vulnerabilities: Anthropic faced multiple security challenges before the leak, including the 'Cloudy Day' vulnerabilities and the ShadowPrompt flaw.
• Employee error: The leak was a result of a mistake during a software packaging process, exposing proprietary code and internal assets.
• Public curiosity: Increased demand for Anthropic's AI tools led to throttled access, amplifying interest and forking activity on GitHub.

On March 31, 2026, Anthropic's inadvertent release of 512,000 lines of Claude Code source code marked a pivotal moment in the intersection of AI development and cybersecurity. The leak stemmed from an employee error during a software packaging process, which not only exposed proprietary code but also internal model codenames and nearly 3,000 unpublished assets. This incident occurred against a backdrop of heightened scrutiny surrounding Anthropic's security practices, particularly following the disclosure of the 'Cloudy Day' vulnerabilities chain and the ShadowPrompt flaw in its Chrome extension.

The rapid forking of the leaked repository on GitHub created a fertile ground for cybercriminals. They swiftly established deceptive repositories under accounts like 'dbzoomh', promising users 'unlocked enterprise features'. These repositories hosted 7-Zip archives containing a Rust-built executable, ClaudeCode_x64.exe, which deployed the Vidar infostealer upon execution. This malware is designed to extract sensitive information, including browser credentials, passwords, cryptocurrency data, and files. Additionally, the GhostSocks proxy was included to route illicit traffic, further complicating the threat landscape.

Zscaler's analysis revealed that these malicious repositories ranked prominently in Google searches, making them easily accessible to unsuspecting users. As a response, GitHub terminated the accounts associated with these repositories, resulting in 404 errors for users attempting to access them. However, the malware archives received frequent updates, indicating that the threat was not entirely mitigated. In a concerted effort to regain control, Anthropic issued over 8,000 copyright takedown notices, which were later refined to target 96 specific repositories.

This incident underscores the structural implications of AI development and the vulnerabilities that can arise from rapid innovation. As AI tools become more prevalent, the potential for exploitation by malicious actors increases, necessitating robust security measures and vigilant monitoring. The incident serves as a cautionary tale for both developers and users, highlighting the importance of secure coding practices and the need for awareness in the face of evolving cyber threats.

• Developers: Increased scrutiny on coding practices and security protocols.
• Cybersecurity professionals: Heightened demand for threat detection and mitigation strategies.
• End-users: Potential exposure to malware and loss of personal data.

• Increased security measures: Watch for Anthropic and other AI firms to implement stricter verification processes to prevent similar leaks.
• Emerging malware trends: Monitor the evolution of malware tactics as cybercriminals adapt to exploit new vulnerabilities.
• User awareness campaigns: Expect initiatives aimed at educating users about the risks associated with downloading software from unofficial sources.