Claude Code Leak Exploited to Spread Vidar and GhostSocks via GitHub Releases
Hackers are turning the Claude Code source leak into an active malware-delivery channel, using GitHub Releases to push the Vidar stealer and GhostSocks under...
Vidar
Stealer/Infostealer
Infostealer derived from Arkei, targeting browser credentials, crypto wallets, and 2FA applications.
Also known as: vidar stealer, vidar infostealer, vidar malware
AI Intelligence Brief
Related YARA Rules View all on YARA Rules page →
90-Day Activity
Last 90 Days (5)
Last 90 Days
All Time
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers
A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information‑stealing...
Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [.
2025 Year in Review: Malicious, Infrastructure
Explore Insikt Group’s 2025 Malicious Infrastructure Report. Gain insights into Cobalt Strike, Vidar infostealers, and AI-driven threats to secure your 2026 ...
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
The Vidar 2.