Threat actors are exploiting media coverage of an accidental Anthropic Claude Code source leak to distribute Vidar infostealer malware through fake GitHub repositories. Developers and security researchers who downloaded from these repositories may have credential theft malware installed, putting corporate accounts, session tokens, and cryptocurrency wallets at risk. Organizations with developers actively following AI news are the primary exposure surface; a single compromised developer workstation may potentially yield access to source code repositories, cloud environments, and internal systems.