Clean GitHub repo tricks AI coding agents into running malware
Summary
Researchers at Mozilla's security platform discovered that AI coding agents like Claude Code can be tricked into running malware hidden inside a seemingly clean GitHub repository through a social engineering chain: a harmless-looking setup instruction causes an error, the AI automatically runs a suggested fix command, which then secretly fetches and executes malicious code from a DNS record (a server lookup system) controlled by the attacker. This attack is particularly dangerous because it leaves no suspicious code in the repository itself and the AI agent never directly evaluates the malicious payload.
Solution / Mitigation
According to 0DIN researchers, "AI agents should disclose the full execution chain of setup commands, including scripts and code fetched dynamically at runtime" to prevent such exploitation.
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/
First tracked: June 27, 2026 at 02:01 PM
Classified by LLM (prompt v3) · confidence: 92%