Hackers are redistributing leaked Claude code files bundled with malware, turning a data exposure into an active threat vector.
Threat actors are reposting leaked Claude-related code with embedded malware, weaponizing the original data exposure. This follows a broader week of cybersecurity incidents including Apple's rare backport of iOS 18 patches for the DarkSword zero-click exploit, Iran threatening major US tech firms, and an FBI network breach via a commercial ISP. The Claude code leak specifically is being actively distributed in hacker communities, making it a live infection risk for anyone who downloads it.
Threat actors are weaponizing curiosity: any circulating 'Claude code leak' file is now a known malware vector. Developers who download these repositories — even out of research interest — risk compromising their dev machines, SSH keys, API credentials, and cloud configs. This is a classic lure attack targeting the exact demographic most likely to be curious about frontier model internals.
Audit your team's GitHub accounts and local machines for any repos cloned in the past 30 days that reference 'Claude', 'Anthropic leak', or 'Claude weights'. If any are found, rotate credentials immediately, starting with Anthropic API keys and AWS/GCP access tokens.
Go to github.com and search: 'Claude leak' OR 'Claude code dump' OR 'Anthropic weights' — filter by 'Recently created'
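One way to run the local-machine half of that audit, as an added example that is not part of the original article: the script walks a directory tree, reads each repository's remote URLs and first reflog entry (its clone time), and lists repos cloned within the last 30 days whose directory name or remote matches the lure terms. The regex, function names and default scan root are assumptions chosen for illustration.

```python
import os, re, sys, time
from pathlib import Path

# Lure terms taken from the advisory text (assumed pattern; extend as needed).
LURE = re.compile(r"claude|anthropic[\W_]*(leak|weights)", re.I)

def remote_urls(git_dir):
    """Return every remote URL recorded in .git/config."""
    try:
        text = (git_dir / "config").read_text(errors="replace")
    except OSError:
        return []
    return re.findall(r"^\s*url\s*=\s*(\S+)", text, re.M)

def clone_time(git_dir):
    """Epoch seconds of the clone: first reflog entry, else .git mtime."""
    try:
        first = (git_dir / "logs" / "HEAD").read_text(errors="replace").splitlines()[0]
        m = re.search(r"> (\d+) [+-]\d{4}\t", first)
        if m:
            return int(m.group(1))
    except (OSError, IndexError):
        pass
    return git_dir.stat().st_mtime

def find_suspect_repos(root, days=30, now=None):
    """List (path, urls, clone_epoch) for repos cloned within `days` whose
    directory name or remote URL matches a lure term."""
    cutoff = (now if now is not None else time.time()) - days * 86400
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # do not walk git internals
        git_dir = Path(dirpath) / ".git"
        urls, cloned = remote_urls(git_dir), clone_time(git_dir)
        haystack = " ".join([Path(dirpath).name, *urls])
        if cloned >= cutoff and LURE.search(haystack):
            hits.append((dirpath, urls, int(cloned)))
    return hits

if __name__ == "__main__":
    # Scan the given directory, or the home directory by default.
    root = sys.argv[1] if len(sys.argv) > 1 else str(Path.home())
    for path, urls, cloned in find_suspect_repos(root):
        when = time.strftime("%Y-%m-%d", time.localtime(cloned))
        print(f"{when}  {path}  {' '.join(urls) or '(no remote)'}")
```

A hit is a candidate for review, not proof of compromise: legitimate repositories with 'claude' in their name or remote will also match and need to be triaged by hand.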