// ClaudeMEDIUM
Mozilla 0DIN researchers disclosed a proof-of-concept attack against Claude Code that exploits automated error recovery to achieve remote code execution. The attack chains three benign-looking components—a GitHub repository, a Python package requiring initialization, and an attacker-controlled DNS TXT record—to trick Claude Code into executing a reverse shell. No malicious code appears in the repository; the payload is fetched only at DNS resolution time, allowing it to evade static scanners and safety checks. No active exploitation has been reported; the attack requires a developer to clone an attacker-controlled repository.
- Mozilla 0DIN Demonstrates GitHub-based Agent Exploit | Let's Dat(opens in a new tab)
- AI coding agents can be tricked into installing malware via 'cle(opens in a new tab)
- Researchers Demo New Claude Code Attack Using Harmless-Looking R(opens in a new tab)
- Researchers Demo New Claude Code Attack Using Harmless-Looking R(opens in a new tab)
// Get alerts for Claude