Anthropic Claude Code Leak

ID: 27334acb-377a-5336-813a-308302a2b4ef

STIX ID: report--27334acb-377a-5336-813a-308302a2b4ef

Feed Name: Zscaler Security Research Blog

Threat Score: 70/100

Date Published: 2026-04-01

Date Updated: 2026-05-01

ThreatLabz discovered malicious GitHub repositories posing as a “Claude Code” leak that distribute a Rust-based dropper (ClaudeCode_x64.exe), which drops Vidar v18.7 (an information stealer) and GhostSocks (a proxy). The repositories are easily discoverable via search results, are actively updated, and appear to be hosted under multiple accounts by the same actor (idbzoomh). Releases contain malicious ZIP archives, and the README lures users into downloading the fake leaked source.
