Trend Micro Research
Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do
ATT&CK techniques detected
T1555.003 Credentials from Web Browsers (57%)
“Active since February 2026. We have observed cycling through more than 25 software brands (e.g., AI tools, crypto bots, and creative software) across trojanized archives, delivering a Rust-compiled dropper payload. Payloads delivered and impact scope different malware payloa…”
Summary
Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk.