Microsoft's open source tools were hacked to steal passwords of AI developers
4 hours ago
- #malware
- #open-source
- #cybersecurity
- Microsoft has disabled access to dozens of its open source projects on GitHub after discovering hackers injected password-stealing malware into the code.
- The malware targeted developers using AI coding tools like Claude Code, Gemini's CLI, and VS Code, stealing passwords and credentials when the compromised tools were opened.
- At least 70 Microsoft projects were disabled, with some restored after review; Microsoft notified a small number of affected customers but hasn't disclosed the exact number.
- This incident is part of a recent trend of 'supply chain' attacks on open source projects, aiming to infect many users by targeting widely used code.
- It's the second known breach of Microsoft's open source projects in recent weeks, following a hack of the Durable Task project in mid-May, suggesting possible re-compromise.