Microsoft packages again laced with credential stealer

Source: Biz & IT - Ars Technica

Dozens of cryptographically verified open source packages from Microsoft were altered late last week to include credential-stealing code that activated when developers opened them in AI coding agents. Multiple researchers said 73 packages were flagged as malicious after automated systems on GitHub blocked them.

Rather than labeling the packages malicious or warning developers who used AI agents to assume compromise, GitHub said it disabled the packages "due to a violation of GitHub’s terms of service" and encouraged the package owner to contact the platform. Microsoft only raised the possibility of infection on Monday, saying in an email, "We have temporarily removed some repositories as we investigate potential malicious content." The incident is the second supply-chain attack in as many months to breach an official Microsoft repository account.
