Microsoft GitHub Repositories Hacked: Malware Targets Developers Using Claude Code and Gemini CLI
Microsoft has shut down several GitHub repositories—including projects related to Azure and AI coding agents—after hackers embedded malware designed to steal credentials from developers using AI coding tools such as Anthropic's Claude Code and Google's Gemini CLI. Microsoft is conducting a full investigation into the security breach.
Highlights
- Microsoft shut down multiple GitHub repositories, including Azure and AI coding agent projects, following the discovery of embedded malware by cybersecurity researchers.
- The malware was specifically designed to steal credentials from developers using AI coding tools, namely Anthropic's Claude Code and Google's Gemini CLI.
- Microsoft confirmed the security breach in a statement to media outlet 404 Media and has launched a full investigation into the incident.
- The attack represents a new form of software supply chain threat, exploiting open-source repositories as malware distribution vectors targeting AI-assisted development workflows.
- The total number of affected users and the full scope of the breach have not yet been determined as of the time of reporting.
Microsoft GitHub Repositories Compromised, AI Developer Tool Users in the Crosshairs
Microsoft has taken the emergency step of shutting down multiple GitHub repositories, including projects tied to its Azure cloud platform and AI coding agents, as it launches a full investigation into a data breach. The action follows findings by cybersecurity researchers and was confirmed by Microsoft in a statement to media outlet 404 Media.
Attack Method: Exploiting AI Coding Tools
Security researchers determined that attackers planted malicious code inside Microsoft's GitHub repositories. The malware was deliberately engineered to activate when developers opened the compromised code through AI-assisted coding tools—specifically Anthropic's Claude Code and Google's Gemini CLI. Once triggered, the malicious program silently harvests user credentials.
Rising Supply Chain Attack Risk
The incident highlights an emerging class of cybersecurity threat driven by the rapid adoption of AI-assisted development tools. As more developers rely on AI tools to write and review code, threat actors are pivoting their strategies to target these workflows. By weaponizing open-source repositories as malware distribution vectors, attackers are effectively executing a new form of software supply chain attack.
Microsoft's Response
Microsoft has taken the affected repositories offline and is actively investigating the full scope of the incident. The exact scale of the breach and the total number of affected users have not yet been determined.
For developers who use AI coding tools, security experts advise exercising heightened vigilance regarding the origin of any code being referenced, remaining alert when using AI tools to process externally sourced code, and avoiding direct execution of code from unverified or unfamiliar repositories.
原文來源: 查看原文
