Following an accidental source code leak of Anthropic's Claude Code via npm, threat actors rapidly deployed fake GitHub repositories to distribute a Rust-compiled dropper. This dropper, part of a broader rotating-lure campaign, deploys Vidar stealer and GhostSocks proxy while utilizing extensive anti-analysis checks and PowerShell to disable Windows Defender.