Microsoft GitHub Repos Hacked to Steal AI Developer Credentials

Manaal Khan · 9 June 2026 at 2:22 am · 5 min read

Key Takeaways

Source: TechCrunch
  • 73 Microsoft-owned GitHub repositories were compromised with credential-stealing malware
  • The attack targeted developers using AI coding tools including Claude Code, Gemini CLI, and VS Code
  • This is Microsoft's second open-source security breach in recent weeks

What Happened

Microsoft has cut off access to dozens of its open-source projects on GitHub after hackers injected password-stealing malware into the code. At least 73 repositories have been disabled, many of them related to Azure and tools used by developers working with AI coding applications.

The malware, dubbed "Miasma" by security researchers, targeted developers using popular AI coding assistants. When developers opened compromised tools in apps like Claude Code, Gemini's command line interface, or VS Code, the malicious code would steal passwords and other sensitive credentials from their systems.

73 Microsoft-owned GitHub repositories confirmed compromised in the initial security sweep

Security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware were among the first to flag the hack. The breach forces a security reckoning for the AI development community, as it shows how agentic coding workflows are uniquely vulnerable when their underlying infrastructure gets compromised.

Microsoft's Response

Microsoft confirmed it pulled the repositories. Spokesperson Ben Hope told TechCrunch that the company has "temporarily removed some repositories as we investigated potential malicious content."

Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories.

— Ben Hope, Microsoft spokesperson

Microsoft did not provide the specific number of affected customers when asked by TechCrunch. The company said it will continue to investigate and reach out directly through established support channels if further customer action is required.

Visitors to the affected project pages on GitHub now see a message stating: "Access to this repository has been disabled by GitHub Staff due to a violation of GitHub's terms of service."

Disabled GitHub repository showing the access restriction message from GitHub Staff

The Scale of the Damage

It's not immediately known how many developers downloaded the affected tools. However, security researchers have traced the breach to bot networks that accumulated an estimated $12.5 million in stolen API credits from OpenAI and Anthropic.

This isn't just a bug; it's a fundamental exploitation of the trust developers place in core library providers.

— Sarah Jenkins, Lead Security Analyst at SentinelSafe

Azure Infrastructure Lead Marcus Thorne said the team is "auditing every line of code that interacts with the filesystem to ensure these malicious hooks are completely excised."

Why Supply Chain Attacks Matter

This is the latest example of hackers breaching widely popular open-source projects with the aim of planting malware on a large number of users. These are known as "supply chain" attacks because they target code used in many software products or by specific kinds of users who have access to cloud systems and customer data.

While it's not uncommon for solo developers of open-source projects to be targeted by hackers, it is rare for tech giants like Microsoft to get breached. The company has the resources to defend against these kinds of attacks. Yet this is Microsoft's second known breach in recent weeks that has allowed hackers to compromise its open-source projects, according to Ars Technica.

Developer Community Reaction

Discussions on Hacker News have focused on the danger of automatic dependency updates in CI/CD pipelines. Many developers are now advocating for strict "pinned" dependency versions and air-gapped development environments for production secrets.

On Reddit's r/programming, the sentiment is one of widespread alarm. Developers are questioning the security model of modern "agentic" coding assistants that frequently access local system files and configuration paths. These AI tools often need broad filesystem access to be useful, which creates a larger attack surface when their dependencies are compromised.

What Developers Should Do Now

  • Check if you've pulled from any of the 73 affected Microsoft repositories in recent weeks
  • Rotate any API keys or credentials that may have been exposed to your development environment
  • Review your CI/CD pipelines for automatic dependency updates that could pull compromised code
  • Consider using pinned dependency versions rather than floating version ranges
  • Monitor Microsoft's support channels for direct notifications about affected repositories
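
As an added illustration of the pipeline review and pinning steps above (not code from the article, Microsoft, or any affected project), this Python sketch flags floating version ranges in a manifest and CI steps that are not pinned to a full commit SHA. It assumes an npm-style `package.json` and a GitHub Actions workflow; the package names, action names, and sample inputs are constructed.

```python
import json
import re

# Exact npm version such as 1.2.3 or 1.2.3-beta.1 (no range operators or tags).
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")
# A GitHub Actions step reference of the form: uses: owner/repo[/path]@ref
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s@#]+)@([^\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def floating_npm_deps(package_json_text):
    """Return (section, name, spec) for every dependency that is not an exact version."""
    manifest = json.loads(package_json_text)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not EXACT_VERSION.match(spec):
                findings.append((section, name, spec))
    return findings


def unpinned_actions(workflow_text):
    """Return (line_number, action, ref) for each `uses:` not pinned to a full commit SHA."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_LINE.match(line)
        # Tags and branches (v4, main) can be moved to new code; a 40-hex SHA cannot.
        if match and not FULL_SHA.match(match.group(2)):
            findings.append((number, match.group(1), match.group(2)))
    return findings


# Constructed sample inputs (not taken from any affected repository).
SAMPLE_PACKAGE_JSON = """{
  "dependencies": {"example-sdk": "^4.2.0", "example-core": "1.8.3"},
  "devDependencies": {"example-lint": "latest"}
}"""
SAMPLE_WORKFLOW = """steps:
  - uses: example-org/checkout@v4
  - uses: example-org/setup@0123456789abcdef0123456789abcdef01234567
  - run: npm ci
"""

if __name__ == "__main__":
    for finding in floating_npm_deps(SAMPLE_PACKAGE_JSON):
        print("floating dependency:", finding)
    for finding in unpinned_actions(SAMPLE_WORKFLOW):
        print("action not pinned to a commit SHA:", finding)
```

Exact versions in the manifest do not pin transitive dependencies; a committed lockfile installed with `npm ci` covers those.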
Frequently Asked Questions

Which Microsoft repositories were affected by the hack?

At least 73 Microsoft-owned GitHub repositories were compromised, many related to Azure and AI development tools. Microsoft has not released a complete list but has been notifying affected customers directly.

How do I know if my credentials were stolen?

If you used Claude Code, Gemini CLI, VS Code, or other AI coding tools with Microsoft Azure libraries in recent weeks, your credentials may be at risk. Microsoft says it is reaching out to affected customers through established support channels.

What is a supply chain attack?

A supply chain attack targets code that is widely used in other software products. By compromising a popular library or tool, hackers can reach many users at once rather than attacking them individually.

Has Microsoft fixed the vulnerability?

Microsoft has disabled affected repositories and is reviewing them. Some have been restored after review, while others remain offline. The company is auditing all code that interacts with the filesystem.

How can developers protect themselves from similar attacks?

Use pinned dependency versions instead of floating ranges, rotate credentials regularly, consider air-gapped environments for sensitive work, and monitor security advisories from your tool providers.

Source: TechCrunch / Zack Whittaker

Manaal Khan

Tech & Innovation Writer
