'Agentic coding tools have access to everything they need for this': Security experts warn Claude Code can be…
- Claude Code ran the dangerous command while treating it as routine recovery
- A single fake error message triggered the entire hidden attack chain
- Static scanners and firewalls saw nothing more than normal DNS resolution
Researchers at Mozilla's 0din team have shown how Claude Code can be manipulated into opening a hidden reverse shell on a developer's device.
The exploit required no malicious code inside the cloned project, since every visible file passed ordinary review without raising suspicion.
Instead, the dangerous instruction arrived later, fetched at runtime from a DNS text record that no scanner would ever inspect.
How a Routine Setup Error Became an Entry Point
The attack began with an unremarkable Markdown file explaining how to install a package called Axiom, a common monitoring tool.
Running the tool without initialising it produced a plain error message instructing the user to execute a specific setup command.
The research teamnoted...
Copyright of this story solely belongs to techradar.com. To see the full text click HERE