Trend Micro: Claude Code source leak weaponized as malware lure

Trend Micro published “Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads” documenting how the March 31 Claude Code source map leak (59.8MB in npm package @anthropic-ai/claude-code v2.1.88) was weaponized within 24 hours as a social engineering lure for Vidar stealer and GhostSocks proxy malware.

Key findings:

• 22 unique payload variants, 38 distinct 7z archives, each branded as different popular software
• Same Rust-compiled dropper (TradeAI.exe) across all variants
• Part of a rotating-lure campaign active since February 2026, cycling through 25+ brand lures
• Claude Code was the highest-visibility lure in the rotation
• A follow-up piece (“Claude Code Packaging Error Remains a Lure”) confirms the campaign is ongoing

This is a third dimension of the Claude Code security picture: not a code vulnerability (CVE chain) or an integration vulnerability (hooks RCE), but a trust vulnerability. The source leak created a moment of high developer attention that threat actors exploited for distribution. The attack surface is reputation, not code.

Implication for agent ecosystem: as coding agents become household names among developers, their brand becomes a distribution vector for unrelated malware. The more visible the tool, the more valuable its name as a lure.