Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents.
In all, multiple researchers said, 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they are maliciousâand that developers who used AI agents to work with them should assume their systems are compromisedâthe Microsoft-owned GitHub said it disabled the packages âdue to a violation of GitHub’s terms of service.â The text went on to encourage the package owner to contact GitHub.
Devs: Assume compromise and proceed accordingly
It wasnât until Monday that Microsoft even raised the possibility the packages were infected. In an email, the company stated: âWe have temporarily removed some repositories as we investigate potential malicious content.â