As they used to say, back in the day.
When it seems too good to be true, it generally is.
They also say, how gullible are you?
Send $100 for our questionnaire.
Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware. A malicious GitHub repository published by idbzoomh uses the Claude Code exposure as a lure to trick people into downloading malware, including Vidar, an …
If you download something and it's in the form of an executable when it shouldn't be, or an encrypted archive inside an unencrypted archive with a README that tells you to visit some sites for the code, or some weird obsolete format like WMV or it ends in .scr, then just forget it.
At best you're about to be scammed. At worst you're about to be pwned.
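The heuristics in the comment above (an executable where none belongs, an encrypted archive nested inside a plain one, a README that sends you elsewhere for "the code", odd formats like .wmv or .scr) can be checked from the archive listing alone, before anything is extracted or run. The script below is an added example, not code from the thread or from any project it mentions; it uses only the Python standard library, so it handles .zip rather than the .7z named in the article, and the "lure" archive it builds is a constructed sample shaped like the described download, not the real file.

```python
import io
import re
import zipfile
from dataclasses import dataclass, field

# File types that have no business in a "source code" download.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".msi",
                   ".dll", ".vbs", ".js", ".jar", ".pif", ".lnk"}
# Containers that demand a second unpack step (or cannot be inspected here).
ARCHIVE_EXTS = {".zip", ".7z", ".rar", ".iso", ".img"}
# Obsolete media formats that are a red flag inside a code drop.
ODD_MEDIA_EXTS = {".wmv"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


@dataclass
class Verdict:
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def _ext(name: str) -> str:
    # Use the final extension so "README.txt.exe" is judged as .exe.
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def triage_zip(data: bytes, depth: int = 0, max_depth: int = 2,
               prefix: str = "") -> Verdict:
    """Inspect a zip listing without extracting or executing anything."""
    v = Verdict()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = _ext(info.filename)
            if ext in EXECUTABLE_EXTS:
                v.findings.append(f"executable in a 'source code' download: {path}")
            elif ext in ODD_MEDIA_EXTS:
                v.findings.append(f"unexpected obsolete media format: {path}")
            # General-purpose flag bit 0 = entry is encrypted (zip spec).
            if info.flag_bits & 0x1:
                v.findings.append(f"encrypted entry, cannot be scanned before opening: {path}")
                continue
            if ext == ".zip" and depth < max_depth:
                inner = triage_zip(zf.read(info), depth + 1, max_depth, path + "!/")
                v.findings.extend(inner.findings)
            elif ext in ARCHIVE_EXTS:
                v.findings.append(f"nested archive needs manual inspection: {path}")
            if "readme" in info.filename.lower() and ext in ("", ".txt", ".md"):
                text = zf.read(info).decode("utf-8", errors="replace")
                for url in URL_RE.findall(text):
                    v.findings.append(f"README sends you elsewhere for 'the code': {url}")
    return v


def build_lure_sample() -> bytes:
    """Constructed sample mimicking the lure described in the thread (not the real file)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("src/main.rs", "fn main() {}")
        # zipfile cannot write password-protected entries, so set the encryption
        # flag on the central-directory record to mimic an encrypted inner archive.
        zf.getinfo("src/main.rs").flag_bits |= 0x1
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Claude Code - Leaked Source Code/README.txt",
                    "Password and full source at http://example.invalid/unlock\n")
        zf.writestr("Claude Code - Leaked Source Code/ClaudeCode_x64.exe", b"MZ" + b"\0" * 64)
        zf.writestr("Claude Code - Leaked Source Code/source.zip", inner.getvalue())
    return outer.getvalue()


def build_clean_sample() -> bytes:
    """Constructed sample of an ordinary source tarball-style zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/README.md", "Build with cargo build.\n")
        zf.writestr("project/src/main.rs", "fn main() {}")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("lure", build_lure_sample()), ("clean", build_clean_sample())):
        verdict = triage_zip(sample)
        print(f"{label}: suspicious={verdict.suspicious}")
        for finding in verdict.findings:
            print("  -", finding)
```

The point is that every one of these signals is visible in the central directory before a single byte is extracted; the check deliberately never reads the executable itself, only its name, and refuses to follow an encrypted entry rather than prompting for a password.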
I've seen a lot of recent malicious activity from Brazil, Uruguay, and Paraguay, that's obviously coordinated, one being SYN floods on port 443, and another being DNS DoS by making "recursive" requests (i.e. asking YOUR DNS server to resolve "www.something-else.com" followed up by a flood of bogus requests if it gets a reply to the first one).
According to Grok, a LOT of Brazilian IP netblocks end up being involved in "stress testing" but it's either compromised or being abused. Hence the SYN floods, typically lasting 15 minutes or so and apparently random. And when I sent abuse mails, the mail forwarder had the ISP's IP or domain in a bl[a,o]cklist and would not deliver it!!!
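The DNS pattern the commenter describes (a probe query with recursion desired for a name you are not authoritative for, then a flood from the same source if it gets answered) is easy to pick out of a query log. What follows is an added example, not anything from the thread: it parses constructed log lines in the shape of a BIND query log (where a leading "+" in the flags field means recursion desired) and reports sources that repeatedly ask an authoritative server to recurse for out-of-zone names. The zone list, threshold and log lines are all assumptions for the sample.

```python
import re
from collections import defaultdict

# Zones this server is authoritative for (assumed for the example).
OUR_ZONES = ("example.com.", "example.net.")

# BIND-style "query:" line; the optional @0x... token is the client pointer
# newer versions print. Flags start with "+" (RD set) or "-" (RD clear).
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)


def in_our_zones(qname: str) -> bool:
    q = qname.lower().rstrip(".") + "."
    return any(q == z or q.endswith("." + z) for z in OUR_ZONES)


def analyze(lines, threshold: int = 5) -> dict:
    """Return {source_ip: counts} for sources that sent at least `threshold`
    recursion-desired queries for names outside our zones."""
    per_ip = defaultdict(lambda: {"total": 0, "open_recursion": 0, "names": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query line, or a format we do not recognise
        rec = per_ip[m["ip"]]
        rec["total"] += 1
        if m["flags"].startswith("+") and not in_our_zones(m["qname"]):
            rec["open_recursion"] += 1
            rec["names"].add(m["qname"].lower())
    return {ip: c for ip, c in per_ip.items() if c["open_recursion"] >= threshold}


# Constructed log lines: one legitimate client, one abusive source doing the
# probe-then-flood pattern, and one out-of-zone query without RD (harmless).
SAMPLE_LOG = [
    "client 203.0.113.5#40211 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.1)",
    "client 203.0.113.5#40212 (mail.example.com): query: mail.example.com IN MX +E(0)K (192.0.2.1)",
    "client 198.51.100.7#53811 (www.something-else.com): query: www.something-else.com IN A + (192.0.2.1)",
    "client 198.51.100.7#53812 (a1.bogus.test): query: a1.bogus.test IN A + (192.0.2.1)",
    "client 198.51.100.7#53813 (a2.bogus.test): query: a2.bogus.test IN A + (192.0.2.1)",
    "client 198.51.100.7#53814 (a3.bogus.test): query: a3.bogus.test IN A + (192.0.2.1)",
    "client 198.51.100.7#53815 (a4.bogus.test): query: a4.bogus.test IN A + (192.0.2.1)",
    "client 198.51.100.7#53816 (a5.bogus.test): query: a5.bogus.test IN A + (192.0.2.1)",
    "client 192.0.2.99#1234 (www.example.org): query: www.example.org IN A -E(0) (192.0.2.1)",
]


if __name__ == "__main__":
    for ip, c in analyze(SAMPLE_LOG).items():
        print(f"{ip}: {c['open_recursion']}/{c['total']} out-of-zone recursive queries, "
              f"{len(c['names'])} distinct names")
```

The flood only works if the first probe is answered, so on an authoritative-only server the fix is to refuse recursion for non-local clients (in BIND, `allow-recursion` limited to your own networks, or `recursion no;`); the report above is then just a way to confirm who is still trying.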
According to Grok?
Free pro tip.
Don't rely on anything AI tells you ... esp if it's AI whose main feature seems to be generating 18+ or downright illegal pictures.
Also, second free pro tip.
Don't post any 'According to AI' things publicly without backing them up with real facts, at least if you want to maintain even a modicum of credibility.
Article: The malicious .7z archive in the repository's releases section is named Claude Code - Leaked Source Code, and it includes a Rust-based dropper named ClaudeCode_x64.exe.
AAAaand people were JUST RUNNING THAT PROGRAM without sandboxing it in a VM or analyzing it or anything to check for unknown malware first, right?
Not to mention Micros~1 owns Github these days, and their scanners OBVIOUSLY missed it.
Lesson learned: do NOT unpack an archive and run "some application" on WINDOWS. If you can't view the content WITHOUT the application RUNNING on WINDOWS, it's PROBABLY MALWARE!!!
And NOW I'd like to see how many of those Windows LUsers that ran the .exe did so from a user with ADMINISTRATOR PRIVILEGES... or blindly entered the admin password when UAC prompted for it!
"some of those downloads came with a side of credential-stealing malware."
Someone is pulling down what is advertised to be leaked code with possible intellectual property issues. And they are doing it to an unsanitized location which also contains traceable credentials? Whoops.
"it includes a Rust-based dropper named ClaudeCode_x64.exe"
It's good to see Rust being used where security is a real issue.</sarcasm>
The remarkable thing about this attack isn't the technical execution – it's the social engineering. 'Leaked source code with unlocked enterprise features and no message limits' is precisely what a certain type of developer wants to believe exists. The attackers understood the target psychology better than most security teams do. Basic rule: if a download seems too good to be true, and it appeared suspiciously close to the top of Google results, it absolutely is.
Many years ago Microsoft released MS Office 2004 for Macintosh. (Yes, 2004, not 2003.) For reasons unknown, a large number of people wanted it. For obvious reasons, a large number of those who wanted it didn't want to pay for it. There were lots and lots of Office installers on various 'file sharing' sites. And lo! it came to pass that one of these 'installers' was about 112kB in size; the full MS Office 2004 installer was over 600 MB in size, but allegedly the 112kB installer would reach across the Internet and download directly from MS Servers. And so it was downloaded, many times, by many cheap charlie would-be pirates. And lo! it came to pass that instead of installing MS Office 2004, it erased the cheap charlie's hard drives. And MS denied that they had anything to do with it. And some of us laughed long and loud when we heard of the drives being erased, and again when we heard MS's denials. I, for one, laughed particularly hard when a cheap charlie showed up asking if I could restore his hard drive. For free, of course. And he didn't have any backups. He was most offended and stormed out, never to darken my doorway again. Win-win-win.
One has to wonder if a certain vendor didn't, ahem, poison the well in this case, too...
Boyz'n'grrlz, if you must be naughty, be careful...