HeadlinesBriefing.com

Microsoft GitHub Repos Hacked in Supply Chain Attack Targeting AI Developers

Hacker News

Microsoft has disabled access to at least 70 open source repositories on GitHub after discovering password-stealing malware injected into the code. The affected projects, many tied to Azure cloud services and AI development tools including Claude Code and VS Code extensions, were compromised in what security researchers describe as a supply chain attack targeting developers with access to cloud systems.

Security firms Cloudsmith and OpenSourceMalware first identified the breach, finding malicious code designed to harvest credentials when developers opened compromised tools in their AI coding applications. Microsoft confirmed it temporarily removed repositories while investigating potential malicious content, restoring some after review while others remain offline pending further analysis.

Supply chain attacks of this kind exploit trust in widely used open source projects to reach large numbers of users. While individual developers frequently face such compromises, breaches of major tech companies like Microsoft are uncommon given their security resources. The incident marks Microsoft's second open source compromise in weeks, following a May breach of the Durable Task project.

OpenSourceMalware suggests this could represent a 're-compromise' of previously breached systems, indicating Microsoft may not have fully eradicated the initial threat. With developers increasingly relying on AI-powered coding tools, credential theft poses significant risks to cloud infrastructure and customer data across interconnected systems.