Krux
April 4, 2026
512,000 Lines of Claude Code Leaked, Now Delivering Malware
Published: April 4, 2026 at 12:37 AM
Updated: April 4, 2026 at 12:37 AM
100-word summary
Anthropic accidentally leaked 1,900 TypeScript files containing 512,000 lines of Claude Code source on March 31. Within days, attackers cloned the leaked repositories and stuffed trojanized archives with Vidar credential-stealing malware and GhostSocks proxy tools, distributing them through fake GitHub releases. Trend Micro's analysis reveals the twist: hackers are weaponizing trust in AI developer tools. Developers searching for the leaked code instead downloaded malware from repositories that looked legitimate. The attack shows credential theft, but also exposes how prompt-injection vulnerabilities might be discovered in the wild from leaked code. The hype around AI tools just became a security liability. When everyone wants to peek at how Claude works, fake repositories...
What happened
Anthropic accidentally leaked 1,900 TypeScript files containing 512,000 lines of Claude Code source on March 31. Within days, attackers cloned the leaked repositories and stuffed trojanized archives with Vidar credential-stealing malware and GhostSocks proxy tools, distributing them through fake GitHub releases. Trend Micro's analysis reveals the twist: hackers are weaponizing trust in AI developer tools. Developers searching for the leaked code instead downloaded malware from repositories that looked legitimate. The attack shows credential theft, but also exposes how prompt-injection vulnerabilities might be discovered in the wild from leaked code.
Why it matters
The hype around AI tools just became a security liability. When everyone wants to peek at how Claude works, fake repositories become irresistible traps.