AI Leak Exploited for Malware Distribution
4 Apr
Summary
- Hacker uses leaked AI tool name to spread malware.
- Malware strains Vidar and Ghostsocks are distributed.
- Malicious GitHub page targets unsuspecting users.

A hacker has rapidly capitalized on the unintentional leak of Anthropic's AI tool, Claude Code. Exploiting interest in the leaked source code, the threat actor has spread malware via a GitHub page. Cybersecurity firm Zscaler found that this page purports to offer the Claude Code source code and even claims to have rebuilt the entire system so that it is functional.
However, the page actually disseminates a malicious ZIP archive. This archive contains two Windows-based malware strains: Vidar, an information stealer, and Ghostsocks, which can turn infected computers into proxies for the hacker. The threat actor added disclaimers to avoid suspicion, labeling the tool for security research and claiming to use bypass methods.
Despite Zscaler's exposure of these malicious activities, the GitHub page continues to operate. This situation highlights the dangers of downloading unverified code, as threat actors can easily embed backdoors, data exfiltrators, or cryptominers, leading to immediate compromise for unwary users.