Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do


    Key takeaways:

  • Attackers rapidly leveraged the Claude Code packaging error incident to distribute credential-stealing malware using fake GitHub repositories. This demonstrates how quickly threat actors can exploit public attention following a software supply chain incident.
  • Vidar, GhostSocks, and PureLog Stealer were observed to have been distributed through the malicious GitHub releases; these payloads enable credential theft, cryptocurrency wallet exfiltration, session hijacking, and residential proxy abuse across Windows.
  • TrendAI Vision One™ detects and blocks the IoCs provided at the end of this blog. TrendAI™ customers can also access tailored hunting queries, threat insights, and intelligence reports to better understand and proactively defend against this campaign. 

TrendAI™ Research is continuously monitoring an active campaign that continues to leverage the packaging error in Anthropic’s Claude Code npm release to distribute Vidar, GhostSocks, and PureLog Stealer payloads.

The distribution hub for the leaked Claude Code brand lure campaign was identified as https://github[.]com/leaked-claude-code/leaked-claude-code. It is operated by a GitHub account identified as idbzoomh1, who used the legitimate Claude Code source map leak incident as a lure to deliver payloads via a release asset. A previous account, idbzoomh, has been blocked by GitHub. As of publishing there are no other identified repositories connected to the campaign; TrendAI™ Research will update this blog in the event of new findings.

Type                         Value
Threat actor email           blactethe1061@outlook.com
Threat actor GitHub account  idbzoomh1
Current download URL         hxxps[:]//github[.]com/leaked-claude-code/leaked-claude-code/releases/download/leaked-claude-code/Claude_code_x64[.]7z
Payload (replaced)           ClaudeCode_x64.7z (active from 2026-03-31 14:05 PST to 2026-04-04 18:00 UTC+8)
Payload (replaced)           Claude-Code_x64.7z (active from 2026-04-04 17:36 PST to 2026-04-04 18:00 UTC+8)
Payload (current)            Claude_code_x64.7z (533 downloads as of 2026-04-07 18:00 UTC+8)

Table 1. Threat actor identifiers and distribution artifacts

This social engineering lure is part of a broader malware distribution campaign that has been active since February 2026. We have observed the campaign cycling through more than 25 software brands (e.g., AI tools, crypto bots, and creative software) across trojanized archives, each delivering a Rust-compiled dropper payload.

Payloads delivered and impact scope

Different malware payloads were observed to have been distributed through the malicious GitHub releases:

  • Vidar is a stealer known to perform multi-threaded data theft targeting browser-stored credentials, cryptocurrency wallets, session tokens, and system information. Stolen data is exfiltrated to attacker-controlled C&C infrastructure resolved through dead drop profiles on Steam Community and Telegram. 
  • GhostSocks has been observed in previous campaigns to establish a SOCKS5 proxy on the victim’s machine, allowing the threat actors to tunnel network traffic through compromised hosts. This effectively turns infected machines into residential proxy infrastructure for further operations.
  • PureLog Stealer is a .NET information stealer known to harvest Chrome credentials, browser extensions, cryptocurrency wallets, and system information. It executes entirely in memory using a multi-stage fileless loader chain to evade detection. 

The combined functionality of the malware payloads enables credential theft, cryptocurrency wallet exfiltration, session hijacking, and residential proxy abuse across Windows, giving the operators multiple monetization paths from a single infection.

As of April 7, 2026, 18:00 UTC+8, the repository shows 838 stars, 1,060 forks, and 533 confirmed downloads of the current payload archive. Note that earlier download links have been deleted or replaced, and their download counts can no longer be retrieved, so the actual number of downloads is higher and will likely continue to rise.
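A hunting check for the identifiers in Table 1, added here as an illustration and not code from the original post: it refangs the published download URL, scans constructed proxy-log lines, and flags GitHub release archives that carry the Claude brand under a non-official owner. The official owner name `anthropics`, the log line format and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlparse

# Indicator from Table 1, exactly as the post publishes it (defanged).
DEFANGED_DOWNLOAD_URL = ("hxxps[:]//github[.]com/leaked-claude-code/leaked-claude-code"
                         "/releases/download/leaked-claude-code/Claude_code_x64[.]7z")
# Assumption for this example: the only GitHub owner that legitimately ships Claude Code.
OFFICIAL_OWNERS = {"anthropics"}
BRAND_KEYWORDS = ("claude",)
ARCHIVE_EXTENSIONS = (".7z", ".zip", ".rar")
RELEASE_PATH = re.compile(r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/releases/download/[^/]+/(?P<asset>[^/]+)$")

def refang(ioc):
    """Convert a defanged indicator (hxxps[:]//, [.]) back into a matchable URL."""
    return (ioc.replace("hxxps", "https").replace("hxxp", "http")
               .replace("[:]", ":").replace("[.]", "."))

def classify_url(url):
    """Reasons a GitHub release download looks like a brand-lure payload; [] when nothing stands out."""
    parsed = urlparse(url)
    if parsed.hostname != "github.com":
        return []
    match = RELEASE_PATH.match(parsed.path)
    if not match:
        return []
    owner, repo, asset = (match[g].lower() for g in ("owner", "repo", "asset"))
    if owner in OFFICIAL_OWNERS:
        return []
    reasons = []
    if url == refang(DEFANGED_DOWNLOAD_URL):
        reasons.append("exact match on published IoC")
    if any(k in owner or k in repo or k in asset for k in BRAND_KEYWORDS):
        reasons.append(f"brand name under non-official owner '{owner}'")
        if asset.endswith(ARCHIVE_EXTENSIONS):
            reasons.append(f"archive asset '{asset}' (Claude Code ships via npm, not release archives)")
    return reasons

def hunt(log_lines):
    """Scan '<timestamp> <client_ip> <url>' proxy lines; return (client_ip, url, reasons) per hit."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines rather than abort the hunt
        reasons = classify_url(fields[2])
        if reasons:
            hits.append((fields[1], fields[2], reasons))
    return hits

# Constructed sample proxy log; only the first URL is the post's real indicator.
SAMPLE_PROXY_LOG = [
    "2026-04-02T09:14:03Z 10.0.4.17 " + refang(DEFANGED_DOWNLOAD_URL),
    "2026-04-02T09:20:41Z 10.0.4.22 https://github.com/anthropics/claude-code/releases/download/v1.0.0/notes.txt",
    "2026-04-02T09:31:12Z 10.0.4.31 https://registry.npmjs.org/@anthropic-ai/claude-code",
    "2026-04-02T09:45:55Z 10.0.4.17 https://github.com/example-user/claude-code-mirror/releases/download/latest/Claude-Code_x64.zip",
]
```

Running `hunt(SAMPLE_PROXY_LOG)` reports the two downloads from 10.0.4.17, the first as an exact IoC match; the official-owner and npm registry lines are left alone.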
