Malware dev tries to steal Claude users' secrets and leaks own GitHub private token
A novice developer flooded npm with a sloppy infostealer targeting AI coding users, but embedded a hardcoded GitHub token that let researchers instantly map and dismantle the attack infrastructure.
May 28, 20264 min read
