Anthropic’s Claude Code, a popular tool for developers, was accidentally published online last month, exposing its source code to the public. Within days, thousands of GitHub repositories sprang up, each mirroring the leaked files. Security researchers quickly flagged a troubling pattern: a significant number of these reposts contained hidden infostealer malware embedded directly in the code.

Investigations by BleepingComputer revealed that the malicious additions were not accidental. The researchers traced the modifications to actors who appear to be leveraging the high visibility of the leak to spread malware to unsuspecting users who might clone or download the repositories. The malicious code is designed to siphon credentials and other sensitive data from any system on which it is inadvertently executed.

In response, Anthropic launched an aggressive takedown campaign. The Wall Street Journal reported that the company initially targeted more than 8,000 repositories with copyright infringement notices. After weeks of back-and-forth with GitHub’s moderation team, the effort was narrowed to 96 copies and adaptations that remain online. Anthropic’s legal team cited intellectual‑property violations as the basis for removal, even though the primary concern is the embedded malware.

This is not the first time Claude Code has been weaponized. In March, 404 Media documented a series of sponsored Google ads that directed users to counterfeit installation guides. Those pages prompted visitors to run a command that downloaded a separate malware payload, effectively turning a routine install into a security breach. The new wave of malicious reposts amplifies that risk by embedding the threat directly into the source files.

Cybersecurity experts warn that developers who clone any of the leaked repositories without verifying their integrity could inadvertently compromise their own environments. The infostealer code is capable of harvesting passwords, API keys, and other credentials, potentially giving attackers footholds in corporate networks or personal devices.

Anthropic’s spokesperson declined to comment on the specifics of the malware but reaffirmed the company’s commitment to “protecting our users and partners.” The firm also urged developers to avoid downloading the code from unofficial sources until the situation is fully resolved.

GitHub has not disclosed the exact criteria it used to retain the remaining 96 repositories, but the platform’s policy generally allows content that does not violate copyright or contain malicious code. The persistence of these copies underscores the challenge of fully eradicating malicious code once it spreads across a public code‑hosting service.

Security analysts say the incident highlights a broader trend: accidental leaks of proprietary code can quickly become vectors for malware distribution, especially when attackers act swiftly to piggyback on the attention such leaks generate. Organizations are advised to monitor public repositories for unauthorized copies of their software and to act decisively when threats emerge.

Used: News Factory APP - news discovery and automation - ChatGPT for Business