
Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has suspended access to dozens of its open-source projects on GitHub while it investigates how hackers apparently compromised them and inserted password-stealing malware into the code. Many of the affected repositories are related to Microsoft’s Azure cloud service and developer tools used with AI coding applications such as Claude Code, Gemini’s command-line interface, and VS Code.

According to security firm Cloudsmith and the community malware analysis site OpenSourceMalware, which first flagged the incident, the malicious code allowed attackers to steal users’ passwords and other sensitive credentials when the compromised tools were opened inside AI coding environments. It is not yet clear how many people downloaded the affected packages.

Microsoft confirmed it had taken the repositories offline, as first reported by 404 Media. A company spokesperson, Ben Hope, told TechCrunch that Microsoft has “temporarily removed some repositories as we investigated potential malicious content.” Some of these repositories have been reinstated following a review, whereas others might stay offline as efforts continue. “As part of our investigation, we reached out to a small group of customers who may have downloaded content from the impacted repositories. We will keep investigating the issue, and should we discover anything else that needs customer attention, we will contact you directly via our official support channels,” Hope added.

When asked by TechCrunch, Microsoft declined to immediately disclose the exact number of impacted customers.

According to an error message that appears when attempting to visit the projects’ pages, at least 70 Microsoft-owned projects have been “disabled” on GitHub, the code-hosting platform owned by Microsoft.

Image caption: GitHub Staff has disabled access to this repository for violating GitHub’s terms of service. Image source: TechCrunch/screenshot.

This represents the most recent instance in a string of incidents over the past few months where cybercriminals have compromised widely used open-source projects in an effort to embed malware that affects a vast number of users who have incorporated the code into their systems. These so-called “supply chain” attacks focus on widely reused code found in many software products or used by particular groups of users—often valuable targets because they frequently have access to cloud infrastructure and vast stores of customer data. While it’s not unusual for lone maintainers of open-source projects to be singled out by hackers—sometimes through prolonged campaigns to win their trust—it’s uncommon for well-resourced tech giants like Microsoft, which have robust defenses against such attacks, to be successfully breached. According to Ars Technica, this is the second time in recent weeks that hackers have managed to compromise Microsoft’s open-source projects.
