Microsoft-Owned GitHub Blocks Compromised Open-Source Packages
Microsoft-owned GitHub has blocked dozens of verified open-source packages containing credential-stealing malware. The malicious code, embedded by attackers, targets cloud credentials and developer tools. This marks the second such supply-chain attack involving Microsoft repositories in recent months, raising global concerns over software supply chain security.
Key points
- Microsoft-owned GitHub blocked 73 cryptographically verified open-source packages because they contained sophisticated credential-stealing code.
- The malware targets credentials for AWS, Azure, GCP, Kubernetes, and over 90 developer tools.
- Attackers embedded the malicious code, which was triggered when developers used AI coding agents with the packages.
- GitHub initially disabled the packages for violating terms of service before Microsoft acknowledged a potential infection.
- This incident is the second supply-chain attack on Microsoft repositories in two months, highlighting weaknesses in software supply-chain security.
GitHub, under Microsoft's ownership, has taken action against numerous open-source packages found to contain sophisticated credential-stealing malware. Researchers identified 73 verified packages that were compromised, with malicious code designed to extract sensitive information from cloud platforms and developer tools.
The attack vector involved embedding a 28 KB payload within the packages. This code was reportedly triggered when developers used AI coding agents to work with the compromised software. The malware harvested credentials for major cloud providers, including AWS, Azure, and GCP, as well as for Kubernetes and a wide array of developer utilities.
Initially, GitHub flagged and disabled these packages for "violation of GitHub's terms of service." Microsoft later confirmed the action, stating they had "temporarily removed some repositories as we investigate potential malicious content." This event represents the second significant supply-chain attack linked to Microsoft's repositories in as many months, amplifying concerns about the security of widely used software components.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.