A clean GitHub repository with no malicious code just demonstrated that Claude Code can be tricked into opening a hidden reverse shell



  • Claude Code executed the dangerous command while treating it as a routine recovery
  • A single fake error message triggered the entire chain of hidden attacks
  • Static scanners and firewalls saw nothing more than a normal DNS resolution

Researchers on Mozilla’s 0din team have demonstrated how Claude Code can be manipulated to open a hidden reverse shell on a developer’s device.

The exploit did not require any malicious code in the cloned project: every visible file passed a routine check without raising suspicion.
