Red teamers turned Claude Desktop into a double agent to do their evil bidding
21 hours ago
- #Claude Desktop exploit
- #remote code execution
- #AI security
- Pentera Labs red team compromised a developer's Claude Desktop app to achieve remote code execution, turning the AI assistant into an attacker-controlled agent.
- Attackers used a compromised email inbox to access the victim's Claude account and exploited sync features to spread malicious instructions across devices.
- The attack involved a base64-encoded prompt that forced Claude to check for command tools, execute malicious code, or display fake error messages to trick users.
- If no command tools were installed, Claude acted as a 'phishing layer' with realistic error messages prompting users to download attacker-controlled tools.
- Anthropic responded that the behavior is a feature, not a bug, as personal preferences and connectors are designed to execute code through Claude Desktop.
- Recommendations include sandboxing AI apps, monitoring configuration changes, restricting extensions, and adding AI desktop apps to red team assessments.