Threat actors are actively exploiting the recent Claude Code packaging error by hosting fake GitHub repositories that distribute trojanized archives. These archives contain a Rust-compiled dropper that deploys Vidar, GhostSocks, and PureLog Stealer to harvest credentials and establish residential proxies on compromised Windows systems.