A malicious GitHub repository disguised as leaked Claude Code source code is distributing Vidar v18.7 and GhostSocks malware to developers, according to Zscaler ThreatLabz research published Thursday. The Register reported that the trojanized repo appeared near the top of Google search results for “leaked Claude Code,” making it easy for curious developers to find and download.

The repository, published by a GitHub user called idbzoomh, poses as TypeScript source code for Anthropic’s Claude Code CLI. The README claims the code was extracted through a .map file in the npm package and rebuilt into a fork with “unlocked” enterprise features and no message limits. The malicious payload sits in a .7z archive in the releases section, labeled “Claude Code - Leaked Source Code.” Inside is a Rust-based dropper called ClaudeCode_x64.exe.

What the malware does

Once executed, the dropper installs two payloads. Vidar v18.7 is an infostealer that harvests account credentials, credit card data, and browser history. GhostSocks turns infected machines into proxy infrastructure that attackers can route traffic through, masking their location for follow-on operations.

Zscaler found the threat actor operating multiple GitHub accounts with identical code, updating the malicious archive at short intervals. At the time of analysis, one of the repos had accumulated 793 forks and 564 stars.

Same playbook, new lure

The technique is not new. In March, security firm Huntress identified a similar campaign using fake OpenClaw installers on GitHub to deliver the same two payloads: Vidar and GhostSocks. The attackers are following the same pattern: take a trending AI developer tool, create a fake repository exploiting curiosity around leaked or open-source code, and wait for developers to download a trojanized package.

This makes it the fourth AI agent security story in three days, following Google’s attack vector research on agent systems, Permiso’s SandyClaw detection sandbox launch, and the Claude Code CVE vulnerability disclosure.

Why it matters for builders

If you searched GitHub for Claude Code source code in the past week, verify what you downloaded. Zscaler’s blog includes indicators of compromise, including the malicious GitHub repository links and malware hashes. The broader lesson: any time a major AI tool leaks or goes viral, attackers will have trojanized repos live within hours. Treat GitHub downloads of AI agent tools with the same skepticism you’d apply to any unsigned binary from an unknown source.