Microsoft has suspended access to dozens of open-source projects on GitHub after these codebases were suspected of being hacked and infected with malware capable of stealing passwords and sensitive credentials. The affected projects are mostly related to Azure cloud services, and also include development tools that can be accessed in AI coding environments such as Claude Code, Gemini command-line tools, and VS Code.
At least 70 projects have been suspended.
TechCrunch, citing security firm Cloudsmith and malware analysis site OpenSourceMalware, reports that attackers have inserted data-stealing code into the relevant projects. Once users open these compromised tools in AI development applications, their passwords and other sensitive credentials could be stolen.
Microsoft has confirmed the removal of the relevant code repositories. According to information displayed on the GitHub page, at least 70 Microsoft projects have been disabled, with the page stating that these repositories were closed by GitHub staff for violating the GitHub Terms of Service.
It is unclear how many users have downloaded these affected tools, and Microsoft has not immediately explained the intrusion path or the scope of the impact.
The affected scope extends to the AI development chain.

Based on the disclosed information, this incident was not the failure of a single project; it affected multiple open-source tools for developers. Since these tools are likely integrated into daily development workflows, the attackers were clearly not targeting just a single device, but attempting to expand their reach through commonly used code components.
These types of attacks are often referred to as supply chain attacks. Attackers don't directly target end users; instead, they first compromise widely used code projects and then spread the attack to more users through development tools, dependencies, or software components. The harm from these attacks is often greater for developers who have access to cloud system privileges, keys, and customer data.
It may be related to the events of May.
The report noted that this is the second known security incident involving a Microsoft open-source project in recent weeks. In mid-May, security researchers stated that Microsoft's open-source project, Durable Task, had been compromised. This tool is primarily used to help developers build applications.
OpenSourceMalware believes this latest incident may be another breach of the Durable Task project. This implies two possibilities: either the attackers were not completely removed after the initial incident, or Microsoft has suffered another independent intrusion.
Large tech companies possess more comprehensive security resources, which makes such incidents less common. This concentrated takedown of Microsoft projects also demonstrates that open-source tools have become high-risk entry points for reaching AI developers and gaining access to cloud environments.












