The adult industry's reliance on AI-powered developer tools has been exposed as a significant security risk after researchers discovered multiple vulnerabilities in Claude Code, an AI assistant integrated with GitHub and other services. The flaws allow attackers to hijack tokens and execute malicious code via local configuration files and repository hooks, highlighting broader risks in agent-based developer tools.

What Happened

Mozilla's 0Din security researchers have warned of a new attack that abuses Claude Code and harmless-looking repositories to hijack developer machines. The attackers hide indirect prompts in normal-looking repositories that, when executed by Claude Code, cause the agent to spawn a reverse shell. This allows them to take over developers' systems without raising any red flags.

The attack relies on an error thrown during installation and on Claude Code being instructed to fix it. During the first-time setup, Claude Code is instructed to use a Python package, but the package throws an error if it has been used before initialization. The error message says "Run: python3 -m axiom init," and Claude Code reads the error and runs the command for recovery.

Running 'init' calls setup.sh, a shell script that pulls a config value from a DNS TXT record and executes it as a command, resulting in an interactive shell spawning on the developer's machine. The DNS value is base64-encoded, so a reverse-shell signature never appears in plaintext anywhere on disk or on the wire.

Background and Context

Claude Code is an AI developer assistant integrated with GitHub, Jira, and other services. It has been used by developers to automate tasks and improve productivity. However, researchers have identified multiple security flaws in Claude Code that allow attackers to hijack tokens and execute malicious code.

The most serious vulnerability involves a malicious npm package that can silently rewrite configuration files, such as ~/.claude.json, to intercept OAuth tokens used for authenticating SaaS platforms. This allows attackers to reroute requests and steal credentials without detection, as the activity appears legitimate in logs.

Why It Matters to the Industry

The security flaws in Claude Code highlight broader risks in agent-based developer tools. These tools are designed to automate tasks and improve productivity, but they can also be used by attackers to hijack tokens and execute malicious code. The adult industry relies heavily on AI-powered developer tools, making it a prime target for these types of attacks.

The attack chain runs on the same unchecked trust that makes AI developer tools so easy to adopt. Developers copy commands, paste them into their terminal, and by then, it's already too late. This highlights the need for urgent security reviews and patches in agent-based developer tools.

What Comes Next

The researchers have warned of a significant security risk in Claude Code and other AI-powered developer tools. The adult industry must take immediate action to patch these vulnerabilities and implement robust security measures to prevent attacks.

Key Facts

  • Mozilla's 0Din security researchers have warned of a new attack that abuses Claude Code and harmless-looking repositories to hijack developer machines.
  • The attackers hide indirect prompts in normal-looking repositories that, when executed by Claude Code, cause the agent to spawn a reverse shell.
  • The attack relies on an error thrown during installation and on Claude Code being instructed to fix it.
  • The most serious vulnerability involves a malicious npm package that can silently rewrite configuration files to intercept OAuth tokens.
  • The adult industry must take immediate action to patch these vulnerabilities and implement robust security measures to prevent attacks.