CLAUDE Code leak used to push infostealer malware on GitHub reports that threat actors are exploiting the Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. The article notes Claude Code is a terminal-based AI agent from Anthropic designed to execute coding tasks in the terminal and interact with systems directly, including LLM API call handling and persistent memory.
On 31 March, Anthropic accidentally exposed the full client-side source code of the tool via a 59.8 MB JavaScript source map included by mistake in the published npm package, according to the report by Bill Toulas and linked material from Bleeping Computer. Read more at Bleeping Computer.