MOZILLA'S 0Din security researchers have identified a sophisticated attack method exploiting AI coding tools like Claude Code. By embedding indirect prompts in seemingly benign repositories, attackers can trigger a reverse shell on developers' systems without raising suspicions. The attack exploits normal installation processes, where an error during setup leads the AI to execute a command that ultimately opens an interactive shell.
The malicious payload is hidden within a DNS TXT record, making it undetectable by traditional security measures. Once accessed, attackers can exfiltrate sensitive information and establish persistent backdoors.