Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do
Threat actors rapidly weaponized the public attention from Anthropic's Claude Code npm source map exposure, standing up a fake GitHub repository (leaked-claude-code/leaked-claude-code, operated by account idbzoomh1) to distribute trojanized 7z archives.

The payloads bundled three distinct malware families: Vidar stealer, which exfiltrates credentials and wallet data over multiple threads and resolves its C2 through Steam and Telegram dead drops; GhostSocks, which turns infected Windows hosts into SOCKS5 residential proxy nodes; and PureLog Stealer, a fileless .NET infostealer that executes entirely in memory.

The repository accumulated 838 stars and 1,060 forks, with at least 533 confirmed downloads of the most recent payload revision. The campaign is part of a broader rotating-lure operation active since February 2026 that has cycled through more than 25 software brands using a single Rust-compiled dropper.

Defenders are advised to secure developer workstations with EDR behavioral protection, enforce zero-trust policies on shared code, restrict tools to licensed software, and rotate short-lived developer credentials.
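As an added illustration (not code from the advisory or from any vendor), the following Python triage helper applies two of the points above to constructed log lines: it flags release-archive downloads from the named lure repository (or any "leaked-*" repository) in proxy logs, and flags non-browser processes on endpoints contacting the Steam and Telegram hosts that Vidar uses as C2 dead drops. The log formats, hostnames, user names, timestamps, file paths and the browser allowlist are assumptions made for the example.

```python
import re

KNOWN_LURE_REPOS = {"leaked-claude-code/leaked-claude-code"}  # repo named in the advisory
GITHUB_RELEASE = re.compile(r"https?://github\.com/([^/]+/[^/]+)/releases/download/")
ARCHIVE_EXT = re.compile(r"\.(7z|zip|rar)(\?|$)", re.IGNORECASE)
DEAD_DROP_HOSTS = ("steamcommunity.com", "t.me", "telegram.org")  # Vidar C2 dead drops
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}  # assumed allowlist

def check_proxy_line(line):
    """Constructed format: '<ts> <user> <method> <url> <status>'. Returns a finding or None."""
    parts = line.split()
    m = GITHUB_RELEASE.search(parts[3]) if len(parts) >= 5 else None
    if not m:
        return None
    repo = m.group(1).lower()
    if repo in KNOWN_LURE_REPOS:
        return ("known_lure_repo", repo)
    # Unknown repo, but an archive from a "leaked-*" repo matches the lure pattern above.
    if ARCHIVE_EXT.search(parts[3]) and "leaked" in repo:
        return ("suspicious_archive_download", repo)
    return None

def check_endpoint_line(line):
    """Constructed format: '<ts> NETCONN host=<h> proc=<image path> dst=<fqdn>'."""
    fields = dict(kv.split("=", 1) for kv in line.split()[2:] if "=" in kv)
    proc = fields.get("proc", "").rsplit("\\", 1)[-1].lower()  # image name from a Windows path
    dst = fields.get("dst", "").lower()
    # A non-browser process talking to a dead-drop host is the behaviour worth a closer look.
    if proc not in BROWSERS and any(dst == h or dst.endswith("." + h) for h in DEAD_DROP_HOSTS):
        return ("dead_drop_contact_non_browser", proc)
    return None

def triage(lines):
    """Route each line to the matching checker and collect findings in log order."""
    findings = []
    for line in lines:
        hit = check_endpoint_line(line) if " NETCONN " in line else check_proxy_line(line)
        if hit:
            findings.append(hit)
    return findings

# Constructed sample lines; hosts, users, timestamps and paths are invented for the demo.
SAMPLE_LOGS = [
    "2026-04-02T10:14:03Z dev01 GET https://github.com/leaked-claude-code/leaked-claude-code/releases/download/v1/claude-code.7z 200",
    "2026-04-02T10:15:10Z dev01 GET https://github.com/example-org/example-tool/releases/download/v2/tool.tar.gz 200",
    "2026-04-02T10:16:44Z NETCONN host=dev01 proc=C:\\Users\\dev\\AppData\\Local\\Temp\\setup.exe dst=steamcommunity.com",
    "2026-04-02T10:17:02Z NETCONN host=dev01 proc=chrome.exe dst=t.me",
]
```

Running `triage(SAMPLE_LOGS)` yields one finding for the known lure repository download and one for the temp-directory executable contacting steamcommunity.com; the browser's own Telegram visit and the unrelated release download are not flagged.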
Related Research
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
Analyzed a rotating AI-themed lure campaign active since February 2026 that pivoted within 24 hours of Anthropic's Claude Code npm packaging error to distribute Vidar stealer and GhostSocks proxy malware through fake "leaked Claude Code" GitHub repositories, impersonating more than 25 software brands via a single Rust-compiled dropper.
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
Investigated a supply chain attack in which an attacker hijacked the lead Axios npm maintainer's account and published two malicious versions containing a phantom dependency that deployed a cross-platform RAT on macOS, Windows, and Linux while erasing forensic evidence by replacing itself with clean decoy files.
AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution
Uncovered AI-generated fake GitHub repositories distributing SmartLoader and LummaStealer through convincing but malicious code projects.
Nitrogen Ransomware: Fake Updates and Malicious Browser Extensions
Thread on the rapidly evolving Nitrogen ransomware group using social engineering via fake updates and malicious browser extensions for initial access.