Microsoft Sees 73 Open-Source Packages Poisoned With Credential-Stealing Malware
Updated
Updated · Ars Technica · Jun 8
Microsoft Sees 73 Open-Source Packages Poisoned With Credential-Stealing Malware
3 articles · Updated · Ars Technica · Jun 8
Summary
73 cryptographically verified Microsoft-linked packages were flagged as malicious after attackers inserted code that activated when developers opened them in AI coding agents.
A 28 KB payload stole credentials from AWS, Azure, GCP, Kubernetes, password managers and more than 90 developer-tool configurations, then moved laterally through cloud environments to infect other machines.
GitHub initially said the packages were disabled for terms-of-service violations rather than labeling them malicious; Microsoft only said Monday it had removed some repositories while investigating potential malicious content.
The breach stemmed from compromised Microsoft publishing credentials, researchers said, letting attackers steal a legitimate OIDC token and bypass normal build-pipeline protections.
The incident is Microsoft's second supply-chain compromise in about a month, after the May durabletask Python SDK attack tied to TeamPCP and malware tracked as Miasma.
With AI coding tools now a primary backdoor, how can developers write code without compromising their entire company?
Attackers now forge software integrity proofs. How can we trust our code when the verification itself is compromised?
A cybercrime group now open-sources its attack tools. How does this change the threat landscape for every company?
The Miasma Attack: How Over 61,000 Compromised npm Tokens Exposed Systemic Supply Chain Vulnerabilities in 2026
Overview
In June 2026, the Miasma Attack struck Microsoft by exploiting the trust at the core of modern software development platforms like npm and GitHub. Instead of using traditional software vulnerabilities, attackers compromised trusted developer accounts and their signing credentials, allowing the Miasma worm to operate through legitimate channels. This made the attack nearly invisible to conventional defenses, as malicious updates appeared routine and authorized. By subverting the trust model that assumes authenticated maintainers are safe, the attack highlighted a critical weakness in the software supply chain, showing how easily trust can be weaponized to bypass security and spread rapidly.