Hackers Troll Amazon via GitHub — Inject ‘sudo rm -rf’ into Q
Amazon was forced to urgently remove a compromised version of its AI coding assistant Q after hackers quietly slipped in a destructive command. The malicious suggestion prompted the AI to use terminal access to delete files and directories on the user’s machine — including AWS cloud resources.
Amazon was forced to urgently remove a compromised version of its AI coding assistant Q after hackers quietly slipped in a destructive command. The malicious suggestion prompted the AI to use terminal access to delete files and directories on the user’s machine — including AWS cloud resources.
According to 404 Media, the rogue code appeared in version 1.84 of the Amazon Q extension for Visual Studio Code, after someone submitted a pull request on GitHub on July 13. Amazon reacted quickly, pulling the infected version from the extension marketplace and quietly replacing it with version 1.85, which no longer contained the embedded attack.
Journalists were able to confirm that the compromised version included dangerous prompts telling the AI to "reset the system to a factory-like state", starting with the user’s home directory. It then instructed deletion of config files and even cloud infrastructure using AWS CLI commands like aws terminate-instances, aws s3 rm, and aws iam delete-user.
It appears the malicious extension did not fully deploy before being discovered. However, Amazon revised its external contribution policies on July 18 — five days after the deletion commands were introduced, and five days before the incident became public.
In a statement to Tom’s Hardware, an AWS spokesperson said that security remains a top priority. Amazon quickly neutralized the attempted attack on two open-source repositories and confirmed that no customer data was compromised. Users are advised to update to version 1.85 of the extension; no further action is required.
This incident serves as another warning sign for developers embracing the hype of "vibe-coding" — relying too heavily on AI tools without verifying their outputs. Just recently, another developer reported that an AI assistant from Replit accidentally deleted a critical database, without any external intrusion involved.
