<style>/*<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=a950e599-d580-43b1-9a43-8b2e26aa3911' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=a950e599-d580-43b1-9a43-8b2e26aa3911' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2460228594947362&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-2460228594947362 -->

</head><body>*/</style>

Claude Code leak used to push infostealer malware on GitHub

Sp123

4 Apr, 2026

Bill Toulas reports: Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding tasks directly in the terminal and act as an autonomous agent, capable of direct system interaction, LLM API…

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

Article Link: https://databreaches.net/2026/04/04/claude-code-leak-used-to-push-infostealer-malware-on-github/?pk_campaign=feed&pk_kwd=claude-code-leak-used-to-push-infostealer-malware-on-github

1 post - 1 participant

Read full topic

Malware Analysis, News and Indicators - Latest topics

Sp123

"An underestimated security threat to organizations is employee apathy and burn out.‌‌"

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/344097953-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'APlU3lwhbA0KNcwAtXOZVrvDoSzk:1775349401144';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d5925999397593177003','//www.sharitsec.eu.org/2026/04/claude-code-leak-used-to-push.html','5925999397593177003');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '5925999397593177003', 'title': 'SharITSec', 'url': 'https://www.sharitsec.eu.org/2026/04/claude-code-leak-used-to-push.html', 'canonicalUrl': 'https://www.sharitsec.eu.org/2026/04/claude-code-leak-used-to-push.html', 'homepageUrl': 'https://www.sharitsec.eu.org/', 'searchUrl': 'https://www.sharitsec.eu.org/search', 'canonicalHomepageUrl': 'https://www.sharitsec.eu.org/', 'blogspotFaviconUrl': 'https://www.sharitsec.eu.org/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22SharITSec - RSS\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/5925999397593177003/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/5744339523155679539/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-2460228594947362', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/16d2a080d6cf52d7', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '5744339523155679539', 'postImageUrl': 'https://analytics.hitsaru.com/piwik.php?idsite\x3d11\x26rec\x3d1\x26url\x3dhttps%3A%2F%2Fdatabreaches.net%2F2026%2F04%2F04%2Fclaude-code-leak-used-to-push-infostealer-malware-on-github%2F%3Fpk_campaign%3Dfeed%26pk_kwd%3Dclaude-code-leak-used-to-push-infostealer-malware-on-github\x26action_name\x3dClaude%20Code%20leak%20used%20to%20push%20infostealer%20malware%20on%20GitHub\x26urlref\x3dhttps%3A%2F%2Fdatabreaches.net%2Ffeed%2F', 'pageName': 'Claude Code leak used to push infostealer malware on GitHub', 'pageTitle': 'SharITSec: Claude Code leak used to push infostealer malware on GitHub', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Claude Code leak used to push infostealer malware on GitHub', 'description': 'Welcome to the website \x22sharitsec.eu.org\x22 a gathering place for information and learning news about hacking.', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vBTR4RUHKdqRdjap6JNv3xMWagRBKIE38N4qHDu2mUg3SIqM4gnxJRpW3J4eQkUR7ZWaaCtjsDeiCsDPutuFqHPSti4wYTzoqyzFxXxrDqmWQ5hrsL-t_G1ocLxsM-lMfFac4E6YcQwSgPQX6pnJFWV51YX_03ZhGx4u5sjvcMAmnG7ha1DBYFNWbiMhWekbiokWiwwGLIUDSjEs4ex3hWBqdmvjFlFWqx0rG5I-L0cO35U94upaw06OAzBkDUArrIhpnHN26jggxrqfYNy1zF4k3CekHP6ia4Kr7Qb_iupM6oX5KrJKUuvTq9X-cejIhll91jE8mbzSwpcxbH_VN2GdRdhf-uGpAhce3Zpep_92HZuUVsrbR2VXpF6ZePP1nqU49zBRfbkF_hb0uhbcGWagpTCBFXqpeHYp3-PF6Ndb4RjL0UWv0CS-e3IoANMN39pXX1V7vCxhSN44H9pyV1VLyIV2AWOvvIChV-aEfxIXBFnDu8xNdQbtAy7FF8Gm2j8xNxaUMWt1FGfI7VYXOiYmnVHvWxB-2KIGkx0NpkXFJe8Tbm0fPCTblh6jFBZHPQsiA4aFY', 'url': 'https://www.sharitsec.eu.org/2026/04/claude-code-leak-used-to-push.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 5744339523155679539}}, {'name': 'widgets', 'data': [{'title': 'Pagination', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML8'}, {'title': 'Template License', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML7'}, {'title': 'Popular', 'type': 'PopularPosts', 'sectionId': 'upload-image', 'id': 'PopularPosts1', 'posts': [{'title': 'Actively Exploited Microsoft SharePoint Deserialization of Untrusted Data Vulnerability', 'id': 7336405913127590235}, {'title': 'Perseus: DTO malware that takes notes', 'id': 4307222844789455355}, {'title': 'Libraries for Red Teaming Your GenAI Applications', 'id': 2704897469970914799}]}, {'title': 'Your Css', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML9'}, {'title': 'About Me', 'type': 'Profile', 'sectionId': 'upload-image', 'id': 'Profile1'}, {'title': 'Your Javascript', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML6'}, {'title': 'Google analytics', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML5'}, {'title': 'Navbar Menu', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML2'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': 'Featured Post', 'type': 'FeaturedPost', 'sectionId': 'before-blog', 'id': 'FeaturedPost1', 'postId': '5049066484129407199'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '5744339523155679539', 'title': 'Claude Code leak used to push infostealer malware on GitHub', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vBTR4RUHKdqRdjap6JNv3xMWagRBKIE38N4qHDu2mUg3SIqM4gnxJRpW3J4eQkUR7ZWaaCtjsDeiCsDPutuFqHPSti4wYTzoqyzFxXxrDqmWQ5hrsL-t_G1ocLxsM-lMfFac4E6YcQwSgPQX6pnJFWV51YX_03ZhGx4u5sjvcMAmnG7ha1DBYFNWbiMhWekbiokWiwwGLIUDSjEs4ex3hWBqdmvjFlFWqx0rG5I-L0cO35U94upaw06OAzBkDUArrIhpnHN26jggxrqfYNy1zF4k3CekHP6ia4Kr7Qb_iupM6oX5KrJKUuvTq9X-cejIhll91jE8mbzSwpcxbH_VN2GdRdhf-uGpAhce3Zpep_92HZuUVsrbR2VXpF6ZePP1nqU49zBRfbkF_hb0uhbcGWagpTCBFXqpeHYp3-PF6Ndb4RjL0UWv0CS-e3IoANMN39pXX1V7vCxhSN44H9pyV1VLyIV2AWOvvIChV-aEfxIXBFnDu8xNdQbtAy7FF8Gm2j8xNxaUMWt1FGfI7VYXOiYmnVHvWxB-2KIGkx0NpkXFJe8Tbm0fPCTblh6jFBZHPQsiA4aFY', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Labels:'}]}], 'allBylineItems': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': 'Labels:'}]}, {'title': '#You may also like', 'type': 'HTML', 'sectionId': 'ads-post', 'id': 'HTML15'}, {'title': '', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML25'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': 'Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)', 'id': 3077788234771723734}, {'title': 'Axios npm Supply Chain Attack: Cross-Platform RAT Delivery via Compromised Maintainer Credentials', 'id': 2250484589322867799}, {'title': 'What Is Data Exfiltration?', 'id': 7330688186385146512}, {'title': 'DarkSword threatens unupdated iPhones', 'id': 2810467984250862716}, {'title': 'The Week in Vulnerabilities: AI Frameworks, VMware, and Critical ICS Exposure', 'id': 3726369080213391157}, {'title': '7 Reasons Why MSPs or IT Resellers Should Put All Their Cybersecurity Eggs in One Basket', 'id': 509592997414716615}, {'title': 'Threats based on Clipboards actions (+ KQL Query)', 'id': 5977653980165604021}, {'title': 'Perseus: DTO malware that takes notes', 'id': 4307222844789455355}, {'title': 'T1547.006 Kernel Modules and Extensions in MITRE ATT\x26CK Explained', 'id': 4462384000363107103}, {'title': 'AI Threat Landscape Digest January-February 2026', 'id': 5406557754653915139}]}, {'title': 'Archive', 'type': 'BlogArchive', 'sectionId': 'sidebar-static', 'id': 'BlogArchive10'}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'copyright', 'id': 'HTML23'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML8', 'upload-image', document.getElementById('HTML8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'upload-image', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'upload-image', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML9', 'upload-image', document.getElementById('HTML9'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'upload-image', document.getElementById('Profile1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'upload-image', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML5', 'upload-image', document.getElementById('HTML5'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'upload-image', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_FeaturedPostView', new _WidgetInfo('FeaturedPost1', 'before-blog', document.getElementById('FeaturedPost1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/671862423-lbx__en_gb.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML15', 'ads-post', document.getElementById('HTML15'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML25', 'sidebar-static', document.getElementById('HTML25'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive10', 'sidebar-static', document.getElementById('BlogArchive10'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML23', 'copyright', document.getElementById('HTML23'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>