←back to thread

Malicious versions of Nx and some supporting plugins were published

(github.com)
441 points longcat | 1 comments | 27 Aug 25 01:38 UTC | HN request time: 0.238s | source
Show context
grav ◴[27 Aug 25 13:08 UTC] No.45039159[source]
> Interestingly, the malware checks for the presence of Claude Code CLI or Gemini CLI on the system to offload much of the fingerprintable code to a prompt.

Can anyone explain this? Why is it an advantage?

replies(3): >>45039226 #>>45039286 #>>45039823 #
cluckindan ◴[27 Aug 25 13:17 UTC] No.45039286[source]
The malware is not delivering any exploits or otherwise malicious-looking code, so endpoint security is unlikely to flag it as malicious.
replies(1): >>45041572 #
1. skybrian ◴[27 Aug 25 16:09 UTC] No.45041572[source]
That’s because it’s new. Perhaps feeding prompts into Claude Code and similar tools will be considered suspicious from now on?