Hackers Are Weaponizing the Claude Code Leak — Bundling Downloads With Malware

The Claude Code source code leak — which exposed over 512,000 lines of Anthropic's proprietary coding agent infrastructure — has become a distribution vector for malware, according to reporting by Wired. Threat actors are re-hosting the leaked files on platforms ranging from GitHub forks to Telegram channels and dark web repositories, with some versions modified to include credential-stealing and remote access payloads targeting the developer community.

The Exploitation Pattern

The attack logic is straightforward. Developer curiosity about the leaked code is high — the Claude Code codebase includes proprietary orchestration techniques, agent memory architectures, and the so-called "dreaming" function Anthropic uses to help agents consolidate tasks during idle periods. This makes the leaked files genuinely compelling to engineers building competing tools or simply trying to understand how Anthropic's coding agent works at a technical level.

Attackers are exploiting that curiosity by distributing modified versions of the leak that include additional payloads. The legitimate leak is included in full to avoid detection — the package appears complete and functional. The malicious additions run quietly in the background, targeting developer credentials including API keys for AI providers, GitHub tokens, and cloud provider credentials stored in common development environment configurations.

Who Is at Risk

The target profile is specific: developers who downloaded the Claude Code source code from any source other than Anthropic's official DMCA-flagged repositories. Given that Anthropic's mass DMCA takedown campaign reached over 8,000 clones before slowing distribution, and that many developers downloaded the files before takedowns could be processed, the potential exposure window is significant.

Security researchers cited by Wired have confirmed active infections among developers who downloaded files from Telegram channels promoting "the full Claude Code leak" and similar phrasings. The credential theft payloads specifically target .env files, ~/.config directories, and browser-stored credentials — the exact locations where developers commonly store API keys and authentication tokens.

What to Do

Any developer who downloaded the leaked Claude Code files from a non-official source should treat the environment as compromised: rotate all API keys and credentials, audit recent API usage for anomalies, and run a full security scan on the affected machine. Anthropic has not issued a formal advisory, but the pattern described by Wired security researchers follows established credential-theft playbooks that security teams should treat as verified until proven otherwise.