An active malware campaign is targeting developers who use Claude Code, embedding persistent backdoors inside the tool's configuration files. If you've installed packages from the @redhat-cloud-services npm namespace in the past several weeks, your credentials may already be on an attacker's server.
The compromised libraries span 32 separate npm packages under that namespace, which collectively pull around 117,000 weekly downloads. The target audience - enterprise developers working with cloud services - makes the namespace name plausible enough that a dependency could slip in without a second look.
How the Backdoor Persists
The attack runs in two stages. Installing an affected package triggers code that writes itself into two places: your Claude Code startup settings and your VS Code project configuration. From that point forward, every time you open either application, the injected code runs automatically.
This is what makes the attack dangerous beyond a typical credential stealer. Removing the compromised npm package does nothing once that injection has happened. The malware lives in your config files and keeps executing on every launch, silently collecting credentials and sending them to an attacker-controlled server. API keys, SSH keys, AWS credentials, GitHub tokens, environment variables from your .env files - anything the process can read is in scope.
What to Do Right Now
Treat this as an active incident, not a precaution, if you've installed any @redhat-cloud-services packages recently.
Rotate credentials first. Before cleaning up files, assume your credentials have already been captured. Rotate API keys for any services you access from that machine - Anthropic, OpenAI, AWS, GCP, Azure, GitHub, and anything else stored in environment variables or credential files. Getting the attacker locked out of your accounts matters more than cleanup order.
Audit your config files. Check your Claude Code startup configuration and your VS Code workspace settings (the .vscode/settings.json in any projects you've opened recently) for code that wasn't put there by you. Look for external URLs, unfamiliar scripts, or anything that resembles injected code rather than normal configuration.
Remove the packages and injected code. Once credentials are rotated, uninstall the affected npm packages. Then manually clean any injected content from your config files - uninstalling the package alone leaves the backdoor in place.
Why AI Dev Tools Are a High-Value Target
AI coding tools like Claude Code operate with significant trust inside your development environment: they read your file system, can execute code, and open on startup automatically. Their configuration files are exactly the kind of persistent, trusted location that malware wants to live in.
The @redhat-cloud-services namespace mimics legitimate Red Hat infrastructure tooling - the kind of package name that might appear in an enterprise dependency chain without triggering alarm bells. Supply chain attacks on npm are not new, but injecting into AI dev tool configs as the persistence mechanism is a pattern worth flagging to your security team.
If your organization has developers using Claude Code or similar AI coding assistants, startup config auditing should be on your security checklist now.