Possible Claude Code leak download may expose users to hacking risks

Published On 04 Apr, 2026

Hackers have begun exploiting the recent Claude Code leak by spreading malware disguised as free or “unlocked” versions of the AI tool.

Cybersecurity experts warn that unsuspecting users downloading these files risk immediate compromise.

Hackers capitalise on Claude Code leak

Following the accidental leak of Claude Code, cybercriminals quickly moved to take advantage of the situation.

A hacker created a GitHub page claiming to host the leaked source code, presenting it as a rebuilt and fully functional version of the tool.

The page, traced to an account named “idbzoomh,” suggests the code has been refined and made usable after fixing compilation issues.

The offer is particularly appealing to users searching for access to the leaked tool, especially as Anthropic has been actively removing copies through copyright takedowns.

The page also claims the leak enabled the creation of “Claude Code Unlocked,” promising free usage and even a so-called “jailbreak mode.”

However, experts note that the actual leak only contains partial source code and does not include model weights or training data—making such claims misleading.

Zscaler identifies two malware threats

According to Zscaler, the GitHub repository distributes a malicious ZIP file instead of legitimate software.

This archive contains two types of Windows-based malware:

  • Vidar: An information-stealing malware designed to extract sensitive data
  • Ghostsocks: A tool that allows attackers to use infected devices as proxy servers

These threats can compromise user data and give hackers control over affected systems.

To appear legitimate, the GitHub page includes disclaimers describing the software as an “experimental tool for security research.”

It claims to use browser spoofing and token rotation techniques to bypass paid access restrictions, while also denying responsibility for misuse.

Despite these efforts, security alerts may still be triggered on infected systems.

Despite the findings, the harmful repository remains online, and GitHub has not issued an immediate response.

Zscaler has warned that threat actors are already distributing trojanized versions of the leaked tool, including backdoors, data exfiltration tools, and even cryptominers.