How a Clean GitHub Repo Tricks Your AI Coding Agent Into Running Malware
New Delhi, June 28 -- SAN FRANCISCO - The repository contained no malicious code. Not a single line. A researcher from Mozilla's Zero Day Investigative Network cloned it, opened Claude Code to help set up the project, and watched as the agent encountered a package initialization error and - helpfully - ran a recovery command. That command called an attacker-controlled shell script. The shell script queried a DNS TXT record. The developer's machine had a reverse shell, and the repository still contained nothing detectable as malware.
they read instructions and act on them. Every major AI coding tool - Claude Code, Cursor, GitHub Copilot, Gemini CLI - is vulnerable to some version of this. The attack surface is every developer who uses one...
Click here to read full article from source
To read the full article or to get the complete feed from this publication, please
Contact Us.