Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do
ATT&CK techniques detected
T1555.003Credentials from Web Browsers
57%
“active since february 2026. we have observed cycling through more than 25 software brands ( e. g., ai tools, crypto bots, and creative software ) across trojanized archives, delivering a rust - compiled dropper payload. payloads delivered and impact scope different malware payloa…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk.