Microsoft Discovered Hackers Pushing Malware Through Its Own GitHub Repositories
What Happened
Microsoft discovered that hackers had compromised its own infrastructure and pushed malware through at least 70 of its GitHub repositories. The malware was specifically designed to target users of AI coding agents, including Anthropic's Claude and Google's Gemini.
The Attack Vector
The malicious code was apparently pushed directly into Microsoft's own repositories, making it a supply chain attack. When developers pulled code from these compromised repositories, they inadvertently introduced malware onto their systems. The primary goal of the malware appears to be credential theft, potentially allowing attackers to gain access to user accounts and sensitive information.
Microsoft's Response
In response to the breach, Microsoft shut down the affected repositories and began an investigation into the incident. The company has not yet released detailed information about how the attackers gained access or the full scope of the compromise.
Implications for AI Tool Users
This incident highlights the evolving threat landscape for AI-assisted development tools. As developers increasingly rely on AI coding agents, attackers are adapting their tactics to target these workflows. Users of AI coding tools should verify the integrity of code they download and be cautious about executing commands from any source, including familiar repositories.