73 Microsoft open source packages found with credential-stealing code

In short: Researchers say 73 Microsoft-linked open source software packages were altered to steal developers’ login secrets, and the theft could start when opened in AI coding agents.

What happened

Security researchers reported that dozens of open source packages published under a Microsoft account were compromised late last week. GitHub’s automated systems flagged 73 packages as malicious and blocked them.

Instead of clearly warning users that the packages were dangerous, GitHub said the packages were disabled for “a violation of GitHub’s terms of service.” Microsoft later said it had temporarily removed some repositories while it investigates potential malicious content.

The added code was designed to steal credentials, meaning saved logins and access tokens (think of them as digital keycards). Researchers said the malicious code could trigger when a developer opened the package using AI coding agents such as Claude Code, Gemini CLI, Cursor, or VS Code.

This is the second similar incident in recent weeks tied to the same Microsoft GitHub account. In May, researchers documented a compromise of Microsoft’s “durabletask” Python package on PyPI, a popular download site for Python add-ons.

In both cases, researchers linked the activity to malware called Miasma. Cloudsmith said the malware can steal certain sign-in tokens used for “provenance attestation,” which is a signed label meant to show where software came from and whether it was altered (like a tamper seal on a bottle). That can make a malicious update look normal to some automated checks.

Why it matters

These attacks target the tools developers use to build apps and services. If a developer’s “keycards” are stolen, attackers may be able to get into cloud accounts and systems that power everyday websites and services.

Source: Arstechnica