Microsoft packages hit by credential stealer for second time in weeks
Original: For the 2nd time in weeks, Microsoft packages laced with credential stealer
Why This Matters
Demonstrates that software supply chains remain vulnerable even when packages carry cryptographic verification
73 cryptographically verified Microsoft packages on GitHub were compromised with credential-stealing malware that activates when opened by AI coding agents. The attack used legitimate OIDC tokens and SLSA provenance to bypass security measures.
Multiple researchers identified 73 malicious Microsoft packages that were blocked by GitHub's automated systems. The packages contained Miasma malware, which steals credentials for AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tools, then spreads laterally through cloud infrastructure. This marks the second supply-chain attack on Microsoft repositories in recent months, following May's compromise of the durabletask Python SDK, which receives 400,000 monthly downloads. The attacks, linked to the TeamPCP threat actor, abuse legitimate OIDC tokens and SLSA provenance attestations rather than exploiting software vulnerabilities. Security firm Cloudsmith noted the sophistication of malware that follows legitimate workflows while undermining the trust model of the modern engineering ecosystem.