Dozens of open source packages from Microsoft were compromised late last week and embedded with advanced credential-stealing code that activated when developers opened them in AI coding agents. According to researchers, 73 packages were flagged as malicious by GitHub's automated systems. The Microsoft-owned GitHub platform disabled the packages 'due to a violation of GitHub’s terms of service,' without explicitly noting their malicious nature. Developers are advised to assume their systems may be compromised and take appropriate action. Source: arstechnica
The compromised packages executed a 28 KB payload that stole credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations. The attack, linked to a threat actor known as TeamPCP, poisoned the durabletask Python SDK on PyPI, which receives 400,000 downloads per month. The malware used in the attack, called Miasma, is a clone of TeamPCP’s recently open-sourced Mini Shai-Hulud toolkit. Security firm Cloudsmith noted that the malware harvested OIDC (OpenID Connect) token credentials used in SLSA (Supply-chain Levels for Software Artifacts) provenance attestation. Source: arstechnica
The incident is the second supply-chain attack in two months to breach an official Microsoft repository account. In mid-May, StepSecurity documented the compromise of Microsoft’s durabletask Python SDK. The same GitHub account was compromised again late last week, with the cause still under investigation. Microsoft has not provided details about the cause of the double compromise. Source: arstechnica