{"slug": "claude-code-runs-a-github-repo-s-hidden-malware-without-verification-giving-full", "title": "Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control", "summary": "Security researchers at Mozilla's 0DIN platform demonstrated that a compromised GitHub repository can infect a developer's machine when an AI coding tool like Claude Code executes its setup, with malicious code loading at runtime via a DNS query to evade detection.", "body_md": "Security researchers at Mozilla's 0DIN platform have shown how a single compromised GitHub repo can take over a developer's machine the moment an AI coding tool like Claude Code runs its setup. The catch: the malicious code only loads at runtime via a DNS query, invisible in the repo, to scanners, and to the AI agent itself.\n\nThe article [Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control](https://the-decoder.com/claude-code-runs-a-github-repos-hidden-malware-without-verification-giving-attackers-full-control/) appeared first on [The Decoder](https://the-decoder.com).", "url": "https://wpnews.pro/news/claude-code-runs-a-github-repo-s-hidden-malware-without-verification-giving-full", "canonical_source": "https://the-decoder.com/claude-code-runs-a-github-repos-hidden-malware-without-verification-giving-attackers-full-control/", "published_at": "2026-06-29 10:04:32+00:00", "updated_at": "2026-06-29 10:35:58.759634+00:00", "lang": "en", "topics": ["ai-safety", "ai-tools", "developer-tools"], "entities": ["Mozilla", "0DIN", "Claude Code", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/claude-code-runs-a-github-repo-s-hidden-malware-without-verification-giving-full", "markdown": "https://wpnews.pro/news/claude-code-runs-a-github-repo-s-hidden-malware-without-verification-giving-full.md", "text": "https://wpnews.pro/news/claude-code-runs-a-github-repo-s-hidden-malware-without-verification-giving-full.txt", "jsonld": "https://wpnews.pro/news/claude-code-runs-a-github-repo-s-hidden-malware-without-verification-giving-full.jsonld"}}