Miasma Worm Compromises 73 Microsoft GitHub Repositories A stealthy malware campaign against Microsoft’s open-source ecosystem has exposed how quickly AI-assisted coding can become a new vector for supply‑chain attacks, and how slowly official responses can catch up.

Early June: Discovery of a self‑replicating worm

In early June, security researchers disclosed that a credential‑stealing malware worm, dubbed Miasma, had infected 73 cryptographically verified open‑source packages hosted in Microsoft-run GitHub repositories across Azure and other Microsoft organizations. The malware was engineered to trigger specifically when opened in AI coding tools such as Claude Code and Cursor, effectively turning popular AI agents into unwitting execution environments for the attack payload.

How the attack works — and why it’s different

Investigators reported that the compromised packages executed a 28KB payload designed to steal credentials from major cloud providers and developer tools, then propagate laterally across cloud infrastructure and developer machines. This approach allowed attackers to bypass traditional hash-based detection and exploit the trust developers place in cryptographically signed, “official” packages.

The incident followed a similar May compromise of Microsoft’s durabletask Python SDK, a widely used framework that receives roughly 400,000 downloads per month, marking the second Microsoft repository supply‑chain breach in as many months.

Microsoft’s response vs. researchers’ warnings

GitHub’s automated systems flagged and blocked the malicious packages, but initially labeled them only as violating “GitHub’s terms of service,” encouraging maintainers to get in touch rather than warning of malware. Security researchers urged developers who interacted with the packages using AI agents to assume compromise and respond accordingly.

Microsoft later acknowledged it had “temporarily removed some repositories” while investigating “potential malicious content,” signaling a more explicit recognition of the threat. Analysts say the back‑to‑back incidents underscore growing systemic risk in AI‑driven software supply chains, where trusted repositories and AI tools can be chained together to scale attacks.

Continue reading https://foxvector.com/stories/019ea984-5bee-096e-723e-185b75a344b1