
Microsoft shuts GitHub repos after password-stealing malware


For developers building with AI tools, the warning came fast—access vanished, and a familiar workflow suddenly turned risky. Microsoft has temporarily removed access to dozens of its open-source projects hosted on GitHub while it investigates hackers who reportedly breached those repositories and injected password-stealing malware into the code.

Many of the affected projects are connected to Microsoft’s cloud service Azure and to developer tools used for AI coding workflows, including Claude Code, Gemini’s command line interface, and VS Code. Security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware were among the first to flag the incident, and the malware they identified was designed to steal user passwords and other sensitive credentials when compromised tools were opened inside AI coding apps.

How many people downloaded the affected tools remains unclear. Microsoft confirmed it pulled the repositories as the investigation began. In a statement to TechCrunch, Microsoft spokesperson Ben Hope said the company had “temporarily removed some repositories as we investigated potential malicious content.”

Hope added that “some of these repos have been restored after review, while others may remain offline while work continues.” He said Microsoft also notified “a small number of customers who may have pulled down content from the affected repositories,” and that the company would keep investigating. If additional action is required, Hope said, it would reach out directly through “established support channels.”

Microsoft did not provide the specific number of customers affected when asked.

On GitHub, at least 70 Microsoft projects appear to have been disabled. A message that loads when trying to access the projects’ pages states: “Access to this repository has been disabled by GitHub Staff due to a violation of GitHub’s terms of service.”

This is the latest example of a broader problem: hackers increasingly breach software supply chains, targeting code that can end up installed across large numbers of users. Supply chain attacks aim to compromise software that is widely shared—so the payload reaches everyone who pulls it in. In cases like this, the goal can be especially damaging because developers using such tools may have access to cloud systems and large volumes of customer data.

Microsoft’s situation hits a nerve because it comes after repeated demonstrations that even major open-source users are not immune. While sole open-source maintainers are sometimes targeted, and attackers may work for long periods to earn trust, it is rarer to see large tech giants—companies with significant resources—end up getting breached through their open-source infrastructure.

The company’s latest incident also arrives only weeks after a separate compromise. It is the second known breach involving Microsoft open-source projects over the past few weeks. In mid-May, security researchers said Microsoft’s open-source project Durable Task—described as a tool that helps developers build apps—had been hacked. OpenSourceMalware characterized the newest problem as a “re-compromise” of the Durable Task project, suggesting Microsoft may not have fully eradicated the hackers after the first attempt, or that a different breach may have taken place.

For now, what developers can feel immediately is the disruption: repositories taken offline, tools pulled back, and a painful reminder that the fastest path to an attacker may still be through the code everyone trusts.


4 Comments

  1. This is why I don’t trust “AI coding tools.” It’s always something sneaky. If they stole passwords, then whatever repo I used is probably toast too.

  2. Wait, are they shutting down GitHub because Azure is compromised or because someone slipped malware into the code? The article says “dozens of open-source projects,” but then mentions AI coding apps like Claude Code and Gemini CLI… so is this a Microsoft thing or an AI thing?

  3. People keep saying open source is safe but look what happened. Also, if “70 Microsoft projects” got disabled, doesn’t that mean Microsoft was running a password stealer themselves and only noticed after? I saw something about “password-stealing malware” and then GitHub just went down for me the other day, so… yeah not buying it’s totally under control.
