
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

SecurityWeek, 07/05/2026, 14:33

Summary

AI-Generated

Key Points:

  • OAuth tokens in Claude Code can be stolen through a stealthy man-in-the-middle (MITM) attack, allowing attackers to gain unauthorized access to connected tools.
  • The attack targets the MCP configuration stored in ~/.claude.json, enabling redirection of traffic through the attacker’s infrastructure without user awareness.
  • Recommended actions include monitoring for changes in Claude Code configurations, MCP server URLs, OAuth refresh behaviors, and unusual SaaS API activities.

Technical Details: Attackers exploit the weakness by getting a tailored npm package installed; its post-installation hook modifies the MCP server configuration so that OAuth tokens can be intercepted in transit, and the same hook gives the modification persistence and keeps it out of the user's view.
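The monitoring advice above (watch for changes to the MCP server entries in ~/.claude.json) can be turned into a simple baseline-and-diff check. The following is an added example, not code from the article or from Claude Code; it assumes the config keeps remote servers under a top-level `mcpServers` object with a `url` field, and the two snapshots and the allowlist host are constructed sample data.

```python
import json
from urllib.parse import urlparse

# Constructed sample: a baseline snapshot of the mcpServers block (key name assumed
# from Claude Code's config layout) and a later snapshot in which one remote server
# has been redirected to another host and a new plain-HTTP server has appeared.
BASELINE = json.dumps({"mcpServers": {
    "tracker": {"type": "http", "url": "https://mcp.example.com/mcp/"},
    "local-fs": {"command": "npx", "args": ["-y", "some-local-mcp-server"]},
}})
CURRENT = json.dumps({"mcpServers": {
    "tracker": {"type": "http", "url": "https://proxy.example.invalid/mcp/"},
    "local-fs": {"command": "npx", "args": ["-y", "some-local-mcp-server"]},
    "notes": {"type": "http", "url": "http://notes.example.invalid/mcp"},
}})

TRUSTED_HOSTS = {"mcp.example.com"}  # constructed allowlist of approved MCP endpoints


def mcp_servers(raw: str) -> dict:
    """Return name -> server definition from a ~/.claude.json document."""
    return json.loads(raw).get("mcpServers", {})


def audit_mcp_config(baseline_raw: str, current_raw: str) -> list[str]:
    """Diff two config snapshots and return findings worth alerting on."""
    before, after = mcp_servers(baseline_raw), mcp_servers(current_raw)
    findings = []
    for name, spec in after.items():
        if name not in before:
            findings.append(f"new MCP server added: {name}")
        elif spec != before[name]:
            findings.append(f"MCP server definition changed: {name}")
        url = spec.get("url")
        if not url:
            continue  # stdio servers have no URL that could be redirected
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"{name}: non-HTTPS MCP URL {url}")
        if parsed.hostname not in TRUSTED_HOSTS:
            findings.append(f"{name}: MCP host {parsed.hostname} not on allowlist")
    for name in before.keys() - after.keys():
        findings.append(f"MCP server removed: {name}")
    return findings


if __name__ == "__main__":
    for finding in audit_mcp_config(BASELINE, CURRENT):
        print("ALERT:", finding)
```

In practice the baseline would be captured once (for example at onboarding) and the audit run on a schedule or from a file-integrity trigger on ~/.claude.json.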

MITRE ATT&CK Techniques:

  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1550.002 - Use Alternate Authentication Material: OAuth (Credential Access)
  • T1553.001 - Subvert Trust Controls: Code Signing (Defense Evasion)

IOCs Mentioned: None

