Malware Disguised as AI Code Assistant Plugins Evades Security Scans, Threatening Developers

Malware Disguised as AI Code Assistant Plugins Evades Security Scans, Threatening Developers

A new wave of malware is bypassing security measures designed for AI code assistants like Claude Code and OpenAI Codex. Researchers have discovered malicious programs hidden within 'proxy skill packages' that can evade automated scans while retaining their full malicious capabilities.

MundiX News·08 de julho de 2026·6 min de leitura·👁 1 views

A novel class of malware is capable of circumventing the security protections accompanying mainstream AI code assistants, enabling covert attacks. Researchers have identified malicious programs concealed within 'proxy skill packages' – small extension plugins used by tools such as Claude Code and OpenAI Codex – that can evade automated security scanning and detection through obfuscation and modification, while fully preserving their malicious execution logic.

Proxy skills are essentially equivalent to plugins, designed to extend the functionality of AI code agents on demand. These skill packages are typically distributed in folder formats, containing natural language configuration instructions, execution scripts, and supporting resource files. The low barrier to entry and ease of distribution for these skill packages have led to a rapid proliferation; within months of the format's official release in late 2025, the number of skills available on a public platform surpassed 40,000. This vast inventory makes them a prime target for attackers. When a skill package runs, it inherits all the permissions of the AI agent that loaded it, granting direct access to the developer's local files, saved account credentials, and various third-party linked accounts. Attackers have already exploited these permission vulnerabilities to deploy malicious skill packages disguised as useful tools, stealing browser login credentials, SSH private keys, and even cryptocurrency wallet data.

The Arxiv research team has released a special report to 'Cybersecurity News' (CSN), detailing the practical testing process of this threat. The team developed a tool called SkillCloak to verify whether existing skill scanning tools can identify disguised malicious programs. The test results are highly alarming: the research collected over 1,600 real-world malicious skill samples found in the wild and tested them against eight mainstream scanning tools. After undergoing disguise processing, nearly all malicious samples successfully bypassed detection. The team also confirmed that the code obfuscation process does not impair the original functionality of the malicious code. When a disguised malicious skill package is integrated into a real code agent environment and executed, the malicious payload can fully perform its preset data-stealing actions, with no functional loss for the attacker employing these evasion techniques.

Two Core Techniques for Attack Evasion The scanning evasion techniques employed by this type of malware rely on two core methods:

The first is Structural Obfuscation, which involves equivalent rewriting of high-risk content (such as suspicious system commands, malicious domain names, or password-related function calls). After rewriting, the program's execution logic remains unchanged, but scanning tools are unable to identify the risky features. The second evasion method, named Self-Extracting Skill Encapsulation, offers stronger evasion. It goes beyond simple text obfuscation of malicious code by hiding the complete malicious payload in scanning blind spots, such as directories that scanning tools typically ignore or within encrypted garbled data blocks. The malicious code is only dynamically restored and released when the AI agent actually launches the skill package. During the static detection phase, scanning tools cannot read the actual attack payload, leaving virtually no detectable risk features.

Test data indicates that the encapsulation evasion method achieved a bypass success rate of over 90% for all tested scanning tools. Even using only structural obfuscation managed to fool over 80% of detection tools. This vulnerability exposes fundamental flaws in existing detection systems: current mainstream scanning tools rely solely on the static text characteristics of skill packages for judgment and cannot identify their actual malicious behavior after installation and execution.

Real-World Attack Examples Serve as a Warning This threat is not merely theoretical. An attack group known as ClawHavoc has already deployed hundreds of malicious skill packages in public skill marketplaces. Statistics show that the number of compromised program packages exceeds 300, with the scale of affected samples being even higher across different ecosystems. Once a developer unknowingly installs such a malicious skill, their device will silently run information-stealing programs in the background, systematically pilfering local login records, credential passwords, and cryptocurrency wallet files.

Researchers reviewing similar security incidents unanimously recommend protective measures: strictly prohibit AI agents from automatically executing configuration scripts embedded within skill packages and always manually review script content. Treat skill packages from unknown sources with the same high level of vigilance as unfamiliar third-party programs from the internet. To address the shortcomings of traditional static scanning tools, the research team has also developed a detection tool called SkillDetonate. This tool abandons static text feature judgment logic and instead deploys skill packages into an isolated sandbox environment for dynamic execution, continuously monitoring behaviors such as file read/write, network outbound connections, and data exfiltration.

In testing, this behavior-based analysis detection solution successfully intercepted the vast majority of malicious skill packages, including all disguised malicious samples that bypassed static scanners. Core Security Conclusions for AI Code Tool Users All developers using AI code assistance tools must remember the core protection principles: while manual review of skill source code before installation is still necessary, source code review alone is no longer sufficient to defend against new types of attacks. Pre-running unfamiliar skill packages in an isolated environment, continuously monitoring for abnormal network outbound connections, and strictly limiting the local directories and credential permissions accessible by AI agents have transitioned from optional protective measures to essential security operational practices.

🛡️⚡

Pare de pesquisar. Comece a hackear.

O MundiX é seu copiloto de pentest com IA: comandos exatos, análise de outputs e próximo passo na kill chain — em segundos.

Testar grátis por 7 dias →

Sem cartão para começar · Planos a partir de R$49/mês

📤 Compartilhar & Baixar

🧰 Ferramentas recomendadas

Divulgação: alguns links são patrocinados. Podemos receber comissão se você comprar — sem custo extra para você. Só indicamos o que faz sentido para a comunidade.

Aprendendo Kali Linux: Teste de segurança, pentest e hacking ético

Aprendendo Kali Linux: Teste de segurança, pentest e hacking ético

Com centenas de ferramentas pré-instaladas, a distribuição Kali Linux facilita o trabalho de os profissionais de segurança começarem a fazer testes de segurança rapidamente. No entanto, com mais de 600 ferramentas em seu arsenal, o Kali Linux também pode ser desafiador. A nova edição deste prático livro abrange as atualizações nas ferramentas e inclui uma melhor abordagem da análise forense e da engenharia reversa. Ric Messier, autor, não fica apenas no teste de segurança, mas também faz uma abordagem sobre a execução de análise forense, incluindo a análise em disco e na memória, assim como alguma análise básica de malware. • Explore as diversas ferramentas disponíveis no Kali Linux • Entenda o valor do teste de segurança e examine os tipos de teste disponíveis • Aprenda os aspectos básicos do pentest em todo o ciclo de vida do ataque • Instale o Kali Linux em vários sistemas, tanto físicos quanto virtuais • Descubra como usar diferentes ferramentas destinadas à segurança • Estruture um teste de segurança baseado nas ferramentas do Kali Linux • Estenda as ferramentas do Kali para criar técnicas de ataque avançadas • Use o Kali Linux para ajudar a criar relatórios quando o teste terminar “A abordagem concisa, clara e baseada na experiência adotada por Ric Messier para a introdução do Kali Linux e dos testes de cibersegurança é incomparável. Este livro é uma leitura excelente e acessível para iniciantes e um recurso valioso para qualquer pessoa.” —Alexander Arlt, Consultor sênior de segurança, Google

Ver na Amazon
Gshield 2 em 1 Hub Extensor Conector USB-C + USB-A e Adaptador de Rede Ethernet LAN RJ45 com 3 Entradas USB 3.0 até 5 Gbps em Liga de Alumínio para Computador e Notebook, Cinza

Gshield 2 em 1 Hub Extensor Conector USB-C + USB-A e Adaptador de Rede Ethernet LAN RJ45 com 3 Entradas USB 3.0 até 5 Gbps em Liga de Alumínio para Computador e Notebook, Cinza

Compatível com portas USB-C e USB-A, ideal para ampliar a conectividade de dispositivos como MacBook Pro e outros com portas USB-C. Inclui um adaptador USB-A extra, proporcionando uma conexão Ethernet estável e veloz de até 1 Gbps, perfeita para filmes, jogos online e videoconferências. Oferece três portas USB 3.0 com velocidades de transferência de até 5 Gbps, permitindo conectar mouse, teclado, discos rígidos e outros periféricos. Fabricado em alumínio durável, garantindo longa vida útil e resistência ao uso diário. Design compacto e leve, ideal para viagens de negócios e uso diário, facilitando o transporte e armazenamento. Funciona com Windows 10/8.1/8, Mac OS e Chrome OS, oferecendo versatilidade incomparável para diversas necessidades de conectividade. Assegura uma conectividade estável e rápida, perfeita para tarefas exigentes como transferência de dados, streaming e mais.

Ver na Amazon
Hacking APIs: Breaking Web Application Programming Interfaces

Hacking APIs: Breaking Web Application Programming Interfaces

Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. You'll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you'll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you'll learn to perform common attacks, like those targeting an API's authentication mechanisms and the injection vulnerabilities commonly found in web applications. You'll also learn techniques for bypassing protections against these attacks. In the book's nine guided labs, which target intentionally vulnerable APIs, you'll practice: Enumerating APIs users and endpoints using fuzzing techniques Using Postman to discover an excessive data exposure vulnerability Performing a JSON Web Token attack against an API authentication process Combining multiple API attack techniques to perform a NoSQL injection Attacking a GraphQL API to uncover a broken object level authorization vulnerability

Ver oferta
Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition

Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition

Up-to-date strategies for thwarting the latest, most insidious network attacks This fully updated, industry-standard security resource shows, step by step, how to fortify computer networks by learning and applying effective ethical hacking techniques. Based on curricula developed by the authors at major security conferences and colleges, the book features actionable planning and analysis methods as well as practical steps for identifying and combating both targeted and opportunistic attacks. Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition clearly explains the enemy's devious weapons, skills, and tactics and offers field-tested remedies, case studies, and testing labs. You will get complete coverage of Internet of Things, mobile, and Cloud security along with penetration testing, malware analysis, and reverse engineering techniques. State-of-the-art malware, ransomware, and system exploits are thoroughly explained. Fully revised content includes 7 new chapters covering the latest threats Includes proof-of-concept code stored on the GitHub repository Authors train attendees at major security conferences, including RSA, Black Hat, Defcon, and B-Sides

Ver na Amazon
Bloqueador USB de privacidade de porta USB para PC, notebook, bloco de laptop,

Bloqueador USB de privacidade de porta USB para PC, notebook, bloco de laptop,

Proteção de privacidade aprimorada: protege o link de transmissão de dados para evitar roubo de informações, fornecendo proteção de segurança robusta que protege a privacidade do usuário durante transferências de arquivos e garante uma conexão segura para interações de dispositivos sem preocupações em vários ambientes Uso a longo prazo: a camada protetora resistente ao desgaste, combinada com um corpo de metal resistente, oferece gerenciamento de calor confiável e qualidade duradoura durante o uso diário Entrega eficiente de energia: a tecnologia de chip inteligente garante a identificação automática dos requisitos de energia, fornecendo carregamento eficiente alinhando-se com vários protocolos de carregamento rápido para maior conveniência Proteção contra sobrecarga: evitando riscos de sobrecarga, este bloqueador de dados USB protege a vida útil da bateria e garante um desempenho estável, mantendo um fluxo estável de energia para melhorar a longevidade do dispositivo de forma eficaz Prático de transportar: com atenção à portabilidade, este bloqueador de dados USB oferece um design compacto que é leve e fácil de transportar, melhorando a conveniência do usuário e operação eficiente

Ver na Amazon

📩 Newsletter MundiX

Receba novidades de cibersegurança + um checklist de pentest grátis. Sem spam.

Ao assinar você concorda em receber e-mails. Cancele quando quiser.