“ Code Leak Sparks GitHub Malware Frenzy: How a 598 MB Source Map Became a Cybercriminal Goldmine” + Video

Listen to this Post

Featured Image

Introduction:

A routine npm package update by AI company Anthropic in late March 2026 accidentally included a 59.8 MB JavaScript source map file containing internal Code source material. Within 24 hours, threat actors weaponized this leak, flooding GitHub with fake repositories that distributed credential-stealing malware disguised as the leaked AI software. This incident demonstrates how a single organizational packaging error can cascade into a large-scale social engineering campaign, exploiting developer trust in open-source ecosystems.

Learning Objectives:

  • Identify and mitigate risks associated with accidental source map exposure in CI/CD pipelines.
  • Detect fake GitHub repositories masquerading as leaked AI or proprietary software.
  • Implement technical controls (file integrity monitoring, npm security audits, and malware analysis) to prevent credential theft from such campaigns.

You Should Know:

  1. Understanding the Attack Vector: Source Map Exposure & Social Engineering

The leak originated from Anthropic’s npm package (@anthropic/-code or similar) where a misconfigured build process bundled a source map file (-code-0.1.0.js.map). Source maps are debugging aids that map minified code back to original source – but when exposed, they can reveal hardcoded secrets, internal APIs, and proprietary logic.

Threat actors quickly scraped the exposed source map, extracted environment variable patterns and internal endpoint references, then created GitHub repositories with names like:
– `-code-leaked-full`
– `anthropic-internal-tools`
– `-ai-unlocked`

These repos contained a README.md with convincing instructions and a malicious `install.sh` or `setup.exe` that downloaded info-stealers (e.g., RedLine, Vidar) or clipboard hijackers.

Step‑by‑step guide to detect and block this attack:

On Linux (repository inspection before cloning):

 Check repository metadata without cloning
curl -s https://api.github.com/repos/<suspicious-user>/<repo-name> | jq '.created_at, .updated_at, .stargazers_count'

Use gh CLI to list recent commits
gh repo view <suspicious-user>/<repo-name> --json name,description,url

Clone only the .git folder to inspect commit history
git clone --depth 1 --no-checkout https://github.com/<suspicious-user>/<repo-name>.git
cd <repo-name>
git log --oneline
git ls-tree -r HEAD --name-only | grep -E '.(sh|exe|ps1|py)$'

On Windows (PowerShell safety checks):

 Check if repository has been reported as malicious
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/<user>/<repo>/main/README.md" -OutFile .\temp_readme.md
Select-String -Path .\temp_readme.md -Pattern "download|run|install|chmod|curl|wget"

Use VirusTotal API to scan any downloaded files (replace API_KEY)
$file = ".\suspected.exe"
$url = "https://www.virustotal.com/api/v3/files"
$headers = @{"x-apikey" = "YOUR_API_KEY"}
$fileBytes = [System.IO.File]::ReadAllBytes($file)
Invoke-RestMethod -Uri $url -Method Post -Headers $headers -Body @{file=$fileBytes}

Mitigation: Implement repository allowlisting in your CI/CD. Use `npm audit` and `yarn audit` to detect suspicious dependencies. For source map protection, add to .gitignore: `.js.map` and use `npm run build — –no-source-maps` in production builds.

2. Analyzing the Malicious Payload: Credential Stealer Extraction

The malware distributed via fake repos typically uses obfuscated PowerShell or Python scripts to exfiltrate browser credentials, SSH keys, and cloud provider tokens. A common variant seen after this incident was a multi-stage loader:

  • Stage 1: `install.sh` downloads a base64-encoded Python script from a pastebin-like service.
  • Stage 2: Python script decrypts and runs a memory-only PE executable.
  • Stage 3: The PE injects into `explorer.exe` or `svchost.exe` and begins scraping.

Step‑by‑step guide to static and dynamic analysis:

On Linux (sandbox environment):

 Isolate in Docker
docker run --rm -it -v "$PWD:/malware" ubuntu:22.04
cd /malware
chmod +x install.sh

Trace system calls during execution (use strace)
strace -f -e trace=file,network,process ./install.sh 2>&1 | tee strace.log

Extract URLs from the script
grep -Eo '(http|https)://[a-zA-Z0-9./?=_-]' install.sh | sort -u

Decode base64 blobs
grep -oP 'echo.base64.|.base64.-d' install.sh | bash -i 2>/dev/null

On Windows (using Sysinternals and PowerShell logging):

 Enable PowerShell script block logging
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -Name "EnableScriptBlockLogging" -Value 1

Run suspect .ps1 with constrained language mode
powershell.exe -ExecutionPolicy Bypass -ConstrainedLanguage -File .\setup.ps1

Monitor process creation with WMI
Get-WmiObject -Class Win32_Process -Filter "Name='powershell.exe' OR Name='cmd.exe'" | Select-Object CommandLine, ProcessId

Use Sysmon (install first) to log network connections
sysmon64 -accepteula -n
 Check logs for outbound connections to known C2
Get-WinEvent -FilterHashtable @{LogName="Microsoft-Windows-Sysmon/Operational"; ID=3} | Where-Object {$_.Message -match "DestinationPort: (80|443)"}

YARA rule to detect the stealer:

rule CodeStealer {
meta:
description = "Detects credential stealer from fake Code repos"
date = "2026-04-10"
strings:
$s1 = "Discord Webhook" nocase
$s2 = "chrome/Default/Login Data" wide
$s3 = "id_rsa" ascii
$s4 = "Authorization: Bearer" ascii
$s5 = "Invoke-WebRequest -Uri" nocase
condition:
(uint16(0) == 0x5A4D or uint32(0) == 0x464C457F) or
(any of ($s1,$s2,$s3,$s4) and $s5)
}

3. Hardening CI/CD Pipelines Against Accidental Leaks

The root cause was an npm packaging misconfiguration. Many build tools (Webpack, Vite, esbuild) generate source maps by default in development. If those artifacts are not excluded from the published package, secrets in environment variables or internal paths become public.

Step‑by‑step guide to secure your npm publishing workflow:

1. Prevent source maps in production packages:

  • In package.json:
    "scripts": {
    "build:prod": "NODE_ENV=production webpack --mode=production --devtool=false"
    }
    
  • Use `.npmignore` to block map files:
    .map
    /.map
    !.npmignore
    

2. Scan before publishing with `npm publish –dry-run`:

npm pack --dry-run | grep -E '.map$|.env|secrets'

3. GitHub Actions security (prevent leakage):

name: Security Audit
on: [bash]
jobs:
check-sourcemaps:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Find source maps
run: |
if find . -name ".map" -type f | grep -q .; then
echo "Error: Source map detected in commit!"
exit 1
fi

4. Use secret scanning tools:

 TruffleHog for secrets in source maps
trufflehog filesystem --directory . --only-verified

Gitleaks
gitleaks detect --source . --verbose

4. Cloud Hardening: Revoking and Rotating Exposed Credentials

If source maps leak API keys or tokens for AWS, Azure, or GCP, attackers can pivot to cloud resources. In the Code incident, embedded tokens for internal logging services were found.

Step‑by‑step guide to respond to leaked cloud credentials:

AWS:

 List all IAM users and roles with the exposed access key
aws iam list-access-keys --user-name <user>

Delete the compromised key immediately
aws iam delete-access-key --user-name <user> --access-key-id <EXPOSED_KEY>

Generate new key and rotate
aws iam create-access-key --user-name <user>

Check CloudTrail for unauthorized usage
aws cloudtrail lookup-events --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=<EXPOSED_KEY>

Azure:

 Revoke all sessions for a compromised service principal
Revoke-AzADUser -UserPrincipalName <user> -RemoveDelegations

Rotate connection strings for storage accounts
$storageAccount = Get-AzStorageAccount -ResourceGroupName "rg" -Name "stg"
$keys = Get-AzStorageAccountKey -ResourceGroupName "rg" -AccountName "stg"
New-AzStorageAccountKey -ResourceGroupName "rg" -AccountName "stg" -KeyName "key1"
Remove-AzStorageAccountKey -ResourceGroupName "rg" -AccountName "stg" -KeyName $keys[bash].Value

5. Training Courses and Further Learning

To prevent similar incidents, organizations should invest in:

  • Secure Software Supply Chain (SSSC) training – covering npm security, source map management, and CI/CD hardening.
  • Social Engineering Awareness for Developers – how to verify GitHub repositories before using them.
  • Malware Analysis Fundamentals – static/dynamic analysis of credential stealers.

Recommended free resources:

  • OWASP Top 10 CI/CD Security Risks (2025)
  • MITRE ATT&CK Technique T1195.001 (Supply Chain Compromise)
  • SANS SEC540: Cloud Security and DevSecOps Automation

What Undercode Say:

  • Key Takeaway 1: A single 59.8 MB source map file triggered a global malware campaign. Always treat source maps as sensitive artifacts – never publish them with production packages.
  • Key Takeaway 2: Threat actors weaponize leaks within hours. Proactive monitoring of GitHub for your brand + automated takedown requests are now essential security controls.

The Code leak is not an isolated incident; it mirrors the 2021 Codecov breach and the 2023 npm `event-stream` backdoor. The attack surface has shifted from zero‑day exploits to simple operational mistakes amplified by social engineering. Organizations must implement pre-commit hooks that block source maps, enforce secret scanning in CI pipelines, and educate developers on social engineering tactics unique to open-source ecosystems. Additionally, security teams should deploy GitHub API scrapers to detect impersonation repositories using name‑squatting (e.g., -ai-internal, anthropic-tools). The real vulnerability here is not the AI code itself – it’s the human process around packaging and the blind trust developers place in GitHub as a distribution channel.

Prediction:

Within 12 months, regulatory bodies (like CISA and ENISA) will issue binding guidance requiring source map exclusion in all production software builds. We will also see a rise in “package leak insurance” and automated npm security agents that scan every published package version for source maps or secrets. AI-assisted code analysis tools will be repurposed by defenders to predict which leaked artifacts are most attractive to attackers, enabling preemptive takedowns. However, threat actors will pivot to abusing other debug artifacts (e.g., PDB files, heap dumps, crash logs) – making this a cat-and-mouse game of defensive packaging vs. creative exploitation.

▶️ Related Video (74% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Varshu25 Threat – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky