Hackers Inject Credential-Stealing Code Into Microsoft's Azure and AI Tools

Microsoft has cut off access to dozens of its open-source projects on GitHub after hackers apparently breached the repositories and injected password-stealing malware directly into the code. The move came as the company launched an investigation into the scope of the compromise — one that security researchers say specifically targeted developers working with AI coding applications.

The affected projects are largely tied to Microsoft's Azure cloud service and a range of developer tools used alongside AI apps like Claude Code, Gemini's command line interface, and VS Code. In other words, the people most likely to be hit are exactly the kind of developers who have deep access to cloud infrastructure and large quantities of customer data.

How the Malware Worked and Who Found It First

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware — both among the first to flag the attack — the injected malware was designed to steal users' passwords and other sensitive credentials the moment they opened a compromised tool inside their AI coding environment. It didn't require any unusual behavior from the victim. Just opening the tool was enough.

It isn't yet known how many developers downloaded the affected repositories before Microsoft pulled them offline.

Microsoft's Response: Repos Pulled, Some Restored

Microsoft confirmed it removed the repositories, with spokesperson Ben Hope telling TechCrunch that the company "temporarily removed some repositories as we investigated potential malicious content." He added that some of those repos have since been restored after review, while others remain offline as the investigation continues.

Hope also confirmed that Microsoft notified a small number of customers who may have pulled down content from the affected repositories, and said the company would reach out directly through its support channels if any further action is required. The exact number of affected customers was not disclosed.

On GitHub — the code-hosting platform that Microsoft itself owns — at least 70 of Microsoft's projects show as "disabled," with a message reading: "Access to this repository has been disabled by GitHub Staff due to a violation of GitHub's terms of service."

A Supply Chain Attack Targeting High-Value Developers

This incident fits a pattern that security researchers have been tracking for months: supply chain attacks. Rather than targeting end users directly, attackers compromise widely used open-source packages and wait for developers to pull the infected code onto their machines. The strategy is effective because these tools are often baked into a large number of software products, and the developers using them frequently have privileged access to cloud systems and sensitive customer data, making them particularly high-value targets.

While solo open-source maintainers have historically been the most common victims of this kind of attack — sometimes after long-running social engineering campaigns designed to build trust — it's rare for a company with Microsoft's resources and security infrastructure to fall victim. That's part of what makes this incident notable.

Microsoft's Second Open-Source Breach in a Matter of Weeks

This isn't an isolated stumble. According to reporting from Ars Technica, this is Microsoft's second known breach in recent weeks involving compromised open-source projects. In mid-May, security researchers identified that Microsoft's Durable Task project — a tool that helps developers build applications — had been hacked.

What makes the latest incident even more concerning is what OpenSourceMalware called it: a "re-compromise" of the Durable Task project. That word choice matters. It suggests that when Microsoft addressed the first breach, it either didn't fully root out the attackers, or the project was successfully targeted again in an entirely separate operation shortly after. Either scenario raises real questions about whether the underlying vulnerability has been properly contained.