Hackers Exploit Git Vulnerability with AGENTS and CLAUDE Using Random Data from /dev/urandom
agents claude
| Source: Mastodon | Original article
Malicious code targets Git repositories, creating symbolic links to random devices.
A mysterious bash command has surfaced, aiming to create symbolic links to random data within Git repositories. The command, `find . -type d -name .git -execdir sh -c 'for i in "AGENTS" "CLAUDE"; do ln -s /dev/urandom "${i}.md"; done'`, targets directories named `.git` and attempts to link files named `AGENTS.md` and `CLAUDE.md` to `/dev/urandom`, a special file that generates random data.
This development matters because it could potentially disrupt or manipulate the functionality of language models (LLMs) that rely on Git repositories for their operation. As we have previously reported, LLMs are increasingly being used for various applications, and their reliability is crucial. The command's intention is unclear, but its execution could lead to unpredictable behavior in affected systems.
As this story unfolds, it is essential to monitor the impact of this command on Git repositories and LLMs. Developers and users should be cautious when encountering unusual activity in their repositories, and investigators should strive to understand the motivations behind this command. Further analysis and updates will be necessary to determine the full extent of this development's consequences.
Sources
Back to AIPULSEN