Claude Packaging Flaw Fuels Stealer Malware Campaign


Cyber threat intelligence reporting indicates that threat actors are abusing a packaging error in the npm release of Anthropic's Claude Code to distribute three stealer families: Vidar, GhostSocks, and PureLog. The lure trades on the legitimacy of a widely used AI coding tool: developers and automated systems that expect Claude Code's code are handed malicious payloads instead. It is another instance of a persistent and concerning trend, the abuse of trusted software supply chains to reach victims who would never knowingly run untrusted code.

Defenders need to treat code provenance as a first-class control. This incident underscores the importance of robust software supply chain security: strict vetting of third-party dependencies, pinned versions whose integrity hashes are verified before installation, and tooling that detects tampered or malicious packages. Because the abuse of this Claude Code packaging error is ongoing, organizations should review their dependency management practices now and sweep their environments for indicators associated with Vidar, GhostSocks, and PureLog.

What This Means For You

  • Implement automated checks for every third-party npm package, AI tooling included: pin exact versions, verify each downloaded tarball against the integrity hash recorded in the lockfile before it is installed, and scan packages for known malware signatures before they enter development pipelines.

Shimi Cohen, Shimi's Cyber World