
Hackers injected credential-stealing malware into Microsoft’s open source GitHub repositories, targeting developers using AI coding tools and exposing the growing threat of open-source supply-chain attacks.
Hackers have compromised multiple Microsoft open-source projects hosted on GitHub, injecting malicious code designed to steal passwords and sensitive credentials from developers using AI coding tools.
The attack targeted developers working in AI-assisted environments such as Claude Code, Gemini CLI and VS Code. Researchers warned that credentials could be harvested when one of the compromised projects was opened inside these tools.
In response, Microsoft disabled access to dozens of affected GitHub repositories while it investigated the incident. According to GitHub notices, at least 70 repositories were taken offline; Ars Technica separately reported that 73 Microsoft packages were flagged as malicious (the two figures count repositories and packages respectively, so they are not directly comparable). Several repositories have since been restored, while others remain unavailable pending further review.
Many of the affected repositories were linked to Microsoft Azure, AI developer tooling and open-source resources commonly used in AI workflows. Security firm Cloudsmith and malware-tracking community OpenSourceMalware were among the first to identify and flag the compromise.
Microsoft spokesperson Ben Hope said the company had “temporarily removed some repositories as we investigated potential malicious content.” He added that “some of these repos have been restored after review, while others may remain offline while work continues.”
The incident highlights the growing risk of software supply-chain attacks, in which a trusted software source is compromised so that everyone who pulls from it downstream is infected. Researchers noted that this is Microsoft's second known open-source repository compromise in recent weeks, following an earlier breach involving the Durable Task project; OpenSourceMalware described the latest incident as a possible "re-compromise."
Microsoft has not disclosed how many users were affected or how many developers downloaded the compromised code.