Microsoft disables hacked GitHub projects over password stealing code
AI
Microsoft
TLDR: LOS ANGELES—Microsoft disabled dozens of GitHub repositories after hackers injected password stealing malware that could capture credentials when developers opened compromised AI coding tools, including Azure related projects. Some repos returned after review, and a small number of customers were notified, while the full download impact remains unknown.
Key Takeaways:
- Microsoft temporarily pulled GitHub hosted open source projects tied to Azure and AI coding workflows used with tools like VS Code, Claude Code, and Gemini CLI.
- Security analysts say the injected malware harvested user passwords and other credentials when compromised tools were opened inside AI coding apps.
- Microsoft disabled at least 70 projects while investigating and re enabling some, underscoring how supply chain attacks can reach thousands of developers fast.⚠️
Open source is supposed to be transparent, yet attackers turn that trust into a credential trap. Microsoft is already juggling fixes and rechecks, but developers will still feel the unpleasant lag of uncertainty.
Open source is supposed to be transparent, yet attackers turn that trust into a credential trap. Microsoft is already juggling fixes and rechecks, but developers will still feel the unpleasant lag of uncertainty.
Q&A
How can credential theft happen inside an AI coding workflow even when the developer only opens a tool?
Because compromised code can trigger credential access at runtime. If the malware hooks into authentication steps or local storage used by the tool, it can exfiltrate secrets without needing a separate user action.
What should developers do differently when open source updates appear tied to cloud and AI toolchains?
They should verify releases and commits, pin dependencies to known good versions, and treat new updates as suspect until integrity checks and vendor advisories confirm safety.
Why might Microsoft have to notify only a small number of customers but still pull many repositories?
Repo exposure can be broad, but direct customer impact may depend on whether people actually downloaded or executed the compromised versions. Microsoft can disable repos immediately while notification hinges on narrower detection signals.
What does a possible re compromise of Durable Task imply about how attackers persist in open source incidents?
It suggests attackers either retained access through the initial pathway or found a second pathway quickly. It also raises the odds that build pipelines, maintainer accounts, or update mechanisms were not fully cleaned the first time.
What changes could reduce the odds of supply chain malware in widely used developer tools?
More robust signing, stronger maintainer access controls, monitored release pipelines, and faster dependency verification from package managers can limit the blast radius even when attackers breach repositories.
No comments yet. Be the first to share your thoughts!