AIThe Decoderabout 2 hours ago

Claude Code runs hidden malware from GitHub repo

1 min read

Security researchers at Mozilla's 0DIN platform demonstrated that a compromised GitHub repo can take over a developer's machine when Claude Code runs its setup. The malicious code loads at runtime via a DNS query, remaining invisible to scanners and the AI agent.

Level

Hype check

Tap to vote and see what everyone thinks.

In this storyAnthropic GitHub