EXECUTIVE SUMMARY
Threat actors have rapidly weaponized the attention surrounding a packaging error in Anthropic's Claude Code npm release, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks malware through fake "leaked Claude Code" GitHub repositories. This campaign is part of a broader rotating lure operation active since February 2026, impersonating more than 25 software brands while delivering the same Rust-compiled infostealer payload. The attackers utilize GitHub Releases as a trusted malware delivery channel, leveraging large trojanized archives and disposable accounts to evade takedowns.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY
Threat actors have rapidly weaponized the attention surrounding a packaging error in Anthropic's Claude Code npm release, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks malware through fake "leaked Claude Code" GitHub repositories. This campaign is part of a broader rotating lure operation active since February 2026, impersonating more than 25 software brands while delivering the same Rust-compiled infostealer payload. The attackers utilize GitHub Releases as a trusted malware delivery channel, leveraging large trojanized archives and disposable accounts to evade takedowns.[emaillocker id="1283"]
The leaked source code itself introduces longer-term risks, including vulnerability discovery, prompt injection blueprinting, and agentic attack surface exposure. Organisations should take this threat seriously, as it can be difficult to detect and recover from. The attackers' use of GitHub Releases and disposable accounts makes it challenging to track and take down the malware.
To defend against this threat, organisations should ensure that they only approve designated installation paths for AI developer tools, actively detect and block malicious indicators, and consider applying governance as a control plane for agentic risk. This includes regularly updating endpoint protection, monitoring system logs, and implementing robust backup and disaster recovery strategies. By taking proactive measures, organisations can reduce their risk of falling victim to this campaign and protect their sensitive information.
THREAT PROFILE:
| Tactic | Technique ID | Technique | Sub-technique |
| Reconnaissance | T1592 | Open-Source Intelligence | — |
| Reconnaissance | T1591 | Social Engineering | — |
| Resource Development | T1583 | Acquire Infrastructure | — |
| Initial Access | T1566.002 | Phishing | Spearphishing Link |
| Execution | T1204 | User Execution | — |
| Defense Evasion | T1027 | Obfuscated Files or Information | — |
| Defense Evasion | T1564 | Hide Artifacts | — |
| Defense Evasion | T1140 | Deobfuscate/Decode Files or Information | — |
| Command and Control | T1105 | Ingress Tool Transfer | — |
| Command and Control | T1090 | Proxy | — |
| Command and Control | T1132 | Data Encoding | — |
| Exfiltration | T1041 | Exfiltration Over C2 Channel | — |
| Exfiltration | T1048 | Exfiltration Over Alternative Protocol | — |
REFERENCES:
The reports contain further technical details:
https://www.trendmicro.com/en_us/research/26/d/weaponizing-trust-claude-code-lures-and-github-release-payloads.html