What ransomware hit Claude Code users?

Claude Code source leak turned into malware delivery

Recent reports describe a malware campaign that exploited the attention around Anthropic’s Claude Code source leak. Instead of receiving the expected code, people who searched for or tried to download the leaked materials reportedly got infected.

The core pattern is straightforward: attackers leveraged the high-interest moment—when developers and security teams were actively looking for the leaked Claude Code artifacts—and converted that demand into a distribution path for malware. Victims were directed to what appeared to be the Claude Code source, but the downloaded payload contained malicious components.

Why it matters

• Leak-driven attack surface: A publicly discussed leak creates a short window where many people may download “just in case” files. That window can be abused by threat actors even if the leak itself was not caused by them.
• Coding tools as high-value targets: Tools like Claude Code are designed to help automate development workflows. Compromising downloads aimed at these tools can lead to deeper compromise on developer machines.
• Trust erosion for security-savvy users: Even when developers know to be cautious, the promise of “source code” can override skepticism, especially if downloads are convenient or appear credible.

Across the reports, the malware outcome is the key point: users expecting legitimate leaked content were instead served malicious tooling. The broader implication for teams running AI-assisted coding is that supply-chain defenses must account for social-engineering around high-profile events, not just official releases.

Until more specifics are available about exact infection rates, persistence, and indicators of compromise, organizations should treat third-party “leak” downloads as untrusted binaries and verify integrity through independent channels.