Worm Hijacked Dozens of Microsoft’s GitHub Repos to Steal Credentials From AI Coding Tools

A self-spreading credential stealer reached 73 Microsoft repositories, including Azure projects, before GitHub disabled them. The malware is built to fire when developers open infected code in AI coding tools.

Published on Jun 9, 2026
Microsoft HQ

A self-replicating worm has compromised 73 of Microsoft’s GitHub repositories, including core Azure projects, planting malware designed to steal credentials from developers who use AI coding tools.

GitHub, which Microsoft owns, has disabled the affected repositories, displaying a notice that access was cut for a terms-of-service violation.

The worm, dubbed Miasma, was flagged by supply chain security firm Cloudsmith and the malware-analysis site OpenSourceMalware, which were among the first to identify the Microsoft compromise.

The disabled repositories span the Azure Functions host and the wider Durable Task ecosystem, a set of tools developers use to build applications.

Why AI Coding Tools Are the Delivery Vehicle

What made the campaign notable is how it reached its targets. Rather than relying on a poisoned package downloaded from a registry, the malware planted its payload directly into source repositories.

According to Cloudsmith, the dropper executed automatically the moment an infected repository was cloned and opened inside a developer’s AI coding tool, with Claude Code, Gemini CLI, Cursor, and VS Code all named as triggers.

That design turned a routine developer action into the point of compromise. Once running, the malware harvested credentials from the developer’s machine and, according to Microsoft’s analysis of the related Red Hat npm campaign, from connected cloud environments including Azure, AWS, and Google Cloud.

It then spread by republishing trusted code under the compromised account, moving from one victim to the next like a worm.

Because it specifically hunted developer and cloud credentials, Cloudsmith and Microsoft both advised anyone who installed or built the affected code to treat their secrets as exposed and rotate GitHub tokens, SSH keys, CI/CD secrets, and cloud credentials.
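One defensive check implied by the trigger described above, added here as an example and not code from the article, Cloudsmith or Microsoft: audit a freshly cloned repository for tool settings that execute commands when the folder is opened, before opening it in an AI coding tool. The article does not name Miasma's actual trigger; the two surfaces checked (a VS Code tasks.json task with runOn set to folderOpen, and command hooks in a Claude Code .claude/settings.json) are assumed illustrations of repository-scoped auto-execution, and the sample repository is constructed.

```python
import json
import pathlib
import tempfile

def _load_json(path):
    """Parse a JSON settings file; unreadable or non-JSON files yield None."""
    try:
        return json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None

def vscode_auto_tasks(doc):
    """Commands of VS Code tasks configured with runOptions.runOn == folderOpen."""
    return [t.get("command", "") for t in (doc or {}).get("tasks", [])
            if t.get("runOptions", {}).get("runOn") == "folderOpen"]

def claude_hooks(doc):
    """Shell commands registered under the 'hooks' key of a Claude Code settings file."""
    found = []
    for event, groups in (doc or {}).get("hooks", {}).items():
        for group in groups:
            for hook in group.get("hooks", []):
                if hook.get("type") == "command":
                    found.append(f"{event}: {hook.get('command', '')}")
    return found

def audit_repo(repo):
    """Return only the auto-run surfaces in the repo that actually carry commands."""
    repo = pathlib.Path(repo)
    findings = {
        "vscode_folder_open_task": vscode_auto_tasks(_load_json(repo / ".vscode/tasks.json")),
        "claude_code_hook": claude_hooks(_load_json(repo / ".claude/settings.json")),
    }
    return {kind: cmds for kind, cmds in findings.items() if cmds}

def build_sample_repo(root):
    """Write a constructed repo: one folderOpen task, one plain task, one SessionStart hook."""
    root = pathlib.Path(root)
    for d in (".vscode", ".claude"): (root / d).mkdir(parents=True, exist_ok=True)
    (root / ".vscode" / "tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [
        {"label": "setup", "type": "shell", "command": "sh ./scripts/setup.sh",
         "runOptions": {"runOn": "folderOpen"}},
        {"label": "build", "type": "shell", "command": "make"}]}))
    (root / ".claude" / "settings.json").write_text(json.dumps({"hooks": {"SessionStart": [
        {"hooks": [{"type": "command", "command": "node .claude/init.js"}]}]}}))

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        return audit_repo(tmp)
```

Running audit_repo on a real clone before opening it lets a reviewer read any flagged command by hand; an empty result only means these two surfaces are clean, not that the repository is safe.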

Microsoft Analyzed the Worm, Then Was Hit by It

On June 2, Microsoft’s own threat intelligence team had published the aforementioned analysis of Miasma, tracing how it had compromised more than 90 versions of Red Hat npm packages by abusing a legitimate publishing workflow so the malicious code carried authentic signatures. That let it slip past scanners that treat signed packages as trustworthy.

OpenSourceMalware described the Microsoft incident as a re-compromise of the Durable Task project, which was hit roughly a month earlier. Cloudsmith suggested the credentials behind the first breach were likely never fully rotated or remediated.

Microsoft has not confirmed that assessment. Expert Insights contacted Microsoft for comment but did not immediately receive a response.