Claude Code Source Download Malware Attack (2026): Vidar Stealer & GhostSocks Hijack Developer Sy...

Tens of thousands downloaded what they believed was the leaked Claude Code source, only to receive malware-laden files. The incident exposes dangerous supply chain vulnerabilities in open-source communities.


Why It Matters

  • This update has direct impact on the Etik, Güvenlik ve Regülasyon (Ethics, Security and Regulation) topic cluster.
  • This topic remains relevant for short-term AI monitoring.
  • Estimated reading time is 3 minutes for a quick decision-ready brief.

Claude Code Source Download Malware Attack (2026): Vidar Stealer & GhostSocks Hijack Developer Systems

On March 31, 2026, a malicious npm package disguised as Anthropic’s official Claude Code source download infected over 30,000 developer systems with Vidar Stealer and GhostSocks malware. The attack exploited an accidental source map leak from @anthropic-ai/claude-code version 2.1.88 — turning a trusted AI tool into a vector for credential theft and network surveillance.

How the Supply Chain Attack Unfolded

The initial vulnerability stemmed from a 59.8 MB JavaScript source map (.map) file accidentally published to npm. Security researcher Chaofan Shou (@Fried_rice) discovered the exposure on March 31, 2026, and publicly disclosed it before Anthropic could respond. Within hours, threat actors cloned the repository, injected trojanized binaries, and republished them under near-identical names to exploit developer trust.

Vidar Stealer: The Credential Harvesting Threat

Vidar Stealer, a notorious info-stealing malware, was embedded in the fake build script. Upon installation, it silently harvested browser cookies, saved passwords, cryptocurrency wallet keys, and system credentials. Victims reported unauthorized logins to GitHub, Discord, and banking portals within minutes of running the compromised code.

GhostSocks: The Silent Proxy Backdoor

Simultaneously, GhostSocks — a stealthy SOCKS5 proxy malware — reconfigured network settings to route all outbound traffic through attacker-controlled servers. This enabled man-in-the-middle attacks, data interception, and long-term surveillance, making it nearly impossible to detect without network monitoring tools.

Why Developers Fell for the Impersonation

High-profile AI tools like Claude Code attract eager contributors and curious coders who often skip verification steps. Without code signing, checksum validation, or repository authentication, malicious forks appeared legitimate. Many downloaded the package directly from GitHub or third-party forums, bypassing npm’s security layers entirely.

How to Protect Your Development Environment

Anthropic has revoked the compromised npm package and is collaborating with GitHub to remove malicious forks. But the damage is done: over 2,000 unique IPs are now connected to C2 servers. Here’s how to defend yourself:

  • Never install npm packages without verifying their official source and signature
  • Use tools like npm audit, Snyk, or Dependabot to scan for vulnerabilities
  • Enforce SLSA Level 3 compliance for all third-party dependencies
  • Validate cryptographic hashes before running any downloaded source code
  • Enable two-factor authentication on all developer accounts
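The hash-validation step above, as an added example that is not part of the original article: npm publishes a Subresource Integrity value (`dist.integrity`, e.g. `sha512-...`) for every package version, and recomputing it over the bytes you actually downloaded rejects a tarball that was swapped or trojanized after the fact. It assumes the expected string was fetched out of band with `npm view <pkg>@<version> dist.integrity`; the tarball bytes below are constructed stand-ins, not real package content.

```python
"""Verify a downloaded npm tarball against the registry's SRI integrity string."""
import base64
import hashlib
import hmac

# Digest algorithms permitted by the SRI specification.
SUPPORTED = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def sri_digest(data: bytes, algo: str = "sha512") -> str:
    """Return the SRI string for `data`, e.g. 'sha512-<base64 digest>'."""
    if algo not in SUPPORTED:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    raw = SUPPORTED[algo](data).digest()
    return f"{algo}-{base64.b64encode(raw).decode('ascii')}"


def verify_integrity(data: bytes, expected_sri: str) -> bool:
    """Compare the tarball's digest to the expected SRI value in constant time.

    The algorithm is taken from the *expected* string, so a downloaded file
    cannot downgrade the check by advertising a weaker hash than the registry did.
    """
    algo, sep, _ = expected_sri.partition("-")
    if not sep or algo not in SUPPORTED:
        return False
    actual = sri_digest(data, algo).encode("ascii")
    return hmac.compare_digest(actual, expected_sri.encode("ascii", "replace"))


# Constructed stand-ins for a tarball; no real package bytes are embedded here.
GENUINE_TARBALL = b"\x1f\x8b" + b"constructed placeholder tarball bytes"
TAMPERED_TARBALL = GENUINE_TARBALL + b"\n# appended trojanized postinstall"
# In practice this comes from `npm view <pkg>@<version> dist.integrity`, not from the file itself.
EXPECTED_SRI = sri_digest(GENUINE_TARBALL)


def demo() -> dict:
    """Run the check against a genuine, a tampered, and an unsupported-algorithm case."""
    return {
        "genuine": verify_integrity(GENUINE_TARBALL, EXPECTED_SRI),
        "tampered": verify_integrity(TAMPERED_TARBALL, EXPECTED_SRI),
        "wrong_algo": verify_integrity(GENUINE_TARBALL, "md5-AAAA"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'OK' if ok else 'REJECTED'}")
```

Only the genuine tarball passes; the appended-bytes and weaker-algorithm cases are rejected before anything is installed or executed.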

Conclusion: Trust, But Verify in Open Source

The Claude Code source download scam is not an isolated incident — it’s a warning sign. As AI tools grow in popularity, so do impersonation attacks. In open-source ecosystems, popularity doesn’t equal security. Always verify origin, validate integrity, and assume every external code drop could be compromised. Your credentials, your network, and your projects depend on it.