“Ghost Attack: Malicious GitHub Clone Spreads Undetected”

Hackers can set up seemingly benign GitHub repositories to spread malware, bypassing security checks and AI agents.

Researchers at Mozilla’s Zero Day Investigative Network (0DIN) discovered a new attack method that uses three components:

1. A clean-looking GitHub repository with setup instructions.
2. A Python package designed to refuse execution until initialized, generating an error message.
3. A shell script that retrieves a configuration value from a DNS TXT record controlled by the attacker.

The attack chain is automated, including a step mimicking a common user error. If successful, attackers gain access to developer privileges, environment variables, and API keys.

To prevent such exploitation, AI agents should disclose the full execution chain of setup commands. Security teams need to test every layer before attackers do: 54% of successful attacks go undetected, and alerts are raised for only 14%.
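One way a reviewer or agent could surface that chain before running a setup script, shown as an added example (not code from 0DIN or the article): it flags DNS TXT lookups and lists every later line that consumes the returned value. The sample script, domain and tool name are constructed, and the regexes are heuristics chosen for this example.

```python
import re

# Resolver CLIs asked for a TXT record (heuristic, not exhaustive).
TXT_LOOKUP = re.compile(r"\b(dig|drill|kdig|host|nslookup)\b[^\n|;]*\btxt\b", re.I)
# Shell assignment: NAME=... or export NAME=...
ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Za-z_]\w*)=")
# Commands that run their argument as code instead of treating it as data.
EXEC_SINK = re.compile(r"^\s*(?:eval|source|exec|(?:ba|z)?sh\s+-c|python3?\s+-c)\b")

# Constructed sample; names and domain are placeholders.
SAMPLE_SETUP = '''\
#!/bin/sh
# constructed sample, not taken from the reported repository
pip install -e .
CFG=$(dig +short TXT _setup.example.invalid)
export APP_CONFIG="$CFG"
python -m exampletool init --config "$APP_CONFIG"
'''

def trace_dns_values(script):
    """One finding per TXT lookup: the variables that carry its value, the
    lines that use them, and any line that hands them to an execution sink."""
    tainted, findings = {}, []
    for no, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip comments and the shebang
        assigned = ASSIGN.match(line)
        for var, f in list(tainted.items()):
            if not re.search(r"\$\{?" + re.escape(var) + r"\b", line):
                continue
            if no not in f["uses"]:
                f["uses"].append(no)
            if EXEC_SINK.search(line) and no not in f["executed_at"]:
                f["executed_at"].append(no)
            if assigned and assigned.group(1) not in tainted:
                tainted[assigned.group(1)] = f  # value copied to a new variable
                f["vars"].append(assigned.group(1))
        if TXT_LOOKUP.search(line):
            f = {"lookup_line": no, "vars": [], "uses": [], "executed_at": []}
            findings.append(f)
            if assigned:
                tainted[assigned.group(1)] = f
                f["vars"].append(assigned.group(1))
    return findings

if __name__ == "__main__":
    for finding in trace_dns_values(SAMPLE_SETUP):
        print(finding)
```

A non-empty `executed_at` list means a network-supplied value reaches a command interpreter, which is the case to block or escalate for human review.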

Source: https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware