Microsoft has cut off access to dozens of open source projects hosted on GitHub as it investigates how hackers apparently compromised the projects and injected password-stealing malware into the code.
Many of the affected projects are related to Microsoft’s Azure cloud service and other tools used by developers to code with AI development applications, such as Claude Code, the Gemini command-line interface, and VS Code.
According to security company Cloudsmith and community-based malware analysis site OpenSourceMalware, which were some of the first to point out the breach, the malware allowed hackers to steal a user’s passwords and other sensitive credentials when the compromised tools in the AI coding apps were opened.
It is not immediately known how many people have downloaded the affected tools.
Microsoft has confirmed that it has retired the repos, as first reported by 404 Media.
Microsoft spokesman Ben Hope told TechCrunch that the company has “temporarily removed some repositories as we investigated potential malicious content.”
“Some of these repos have been restored after a review, while others may remain offline while work continues.”
“As part of our investigation, we have notified a small number of customers who may have pulled content from the affected repositories. We will continue to investigate and if anything further is identified that requires customer action, we will contact you directly through our established support channels,” Hope added.
Microsoft did not immediately provide the specific number of affected customers when asked by TechCrunch.
At least 70 Microsoft-owned projects have been “disabled,” per a message that loads when trying to access project pages on GitHub, a site that hosts Microsoft-owned code. “Access to this repository has been disabled by GitHub staff due to a violation of GitHub’s terms of service.”
This is the latest example in recent months of hackers breaking into widely popular open source projects with the aim of planting malware on large numbers of users who have the code installed on their computers. These hacks are known as “supply chain” attacks, as they target code that is frequently used in a large number of software products or by a specific type of user, which can be advantageous to the hackers, as those users sometimes have access to cloud systems and large amounts of customer data.
While it’s not uncommon for sole developers of open source projects to be targeted by hackers—in some cases as part of long-term efforts to win the developer’s trust—it’s rare for large tech giants like Microsoft, which have the resources to defend against these kinds of attacks, to be hacked.
This is the second known Microsoft breach in recent weeks that has allowed hackers to compromise its open source projects, per Ars Technica. In mid-May, security researchers said that Microsoft’s open-source Durable Task project, a tool that helps developers build apps, was breached. OpenSourceMalware said Microsoft’s latest incident is a “re-compromise” of the Durable Task project, suggesting either that Microsoft may not have eliminated the hackers on its first try, or that this is an entirely new, discrete breach.
Updated with comment from Microsoft.
