logo

Clean GitHub repo tricks AI coding agents into running malware

ID: 5af3bae5-5691-59e8-a68d-03855eaf2826

STIX ID: report--5af3bae5-5691-59e8-a68d-03855eaf2826

Feed Name: Bleeping Computer

Threat Score
65/100

Date Published: 2026-06-27

Date Updated: 2026-06-27

Author: Bill Toulas

...
...

Mozilla 0DIN researchers demonstrated a proof-of-concept attack in which an AI coding agent autonomously executes standard setup commands from a seemingly clean GitHub repository; an initialization command runs a script that retrieves a DNS TXT record controlled by an attacker and executes it, yielding a reverse/interactive shell with the developer's privileges. The chain contains only benign repository contents and automated agent actions, making it stealthy and recommending that agents disclose full execution chains and any dynamically fetched scripts.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.