For the 2nd Time in Weeks, Microsoft Packages Laced with Credential Stealer
CybersecurityDefense

For the 2nd Time in Weeks, Microsoft Packages Laced with Credential Stealer

Ars Technica – Security
Ars Technica – SecurityJun 8, 2026

Companies Mentioned

Microsoft

Microsoft

MSFT

GitHub

GitHub

Cloudsmith

Cloudsmith

Google

Google

GOOG

Amazon

Amazon

AMZN

Red Hat

Red Hat

Why It Matters

The incident exposes critical weaknesses in the software supply chain and AI‑assisted development tools, putting billions of dollars of cloud infrastructure at risk and eroding trust in trusted‑publisher models.

Key Takeaways

  • 73 Microsoft‑signed packages infected with credential‑stealing Miasma worm
  • Malware activates when opened in AI coding agents like Claude Code
  • Steals AWS, Azure, GCP, Kubernetes and password‑manager credentials
  • Bypasses hash‑based detection using unique encrypted payload per version
  • Same compromised GitHub account used in May durabletask supply‑chain breach

Pulse Analysis

The latest Microsoft package compromise underscores how attackers are weaponizing the modern software supply chain. By injecting the Miasma worm into 73 open‑source libraries, the threat actors leveraged cryptographic verification to appear legitimate, sidestepping traditional hash‑based scanners. Once a developer loads an infected package into an AI coding assistant, the payload springs to life, siphoning credentials from cloud providers and developer tools. This method of exploiting AI‑driven workflows marks a new frontier in supply‑chain risk, where the point of infection is no longer a vulnerable codebase but a trusted development assistant.

Technically, Miasma harvests OpenID‑Connect tokens and other identity artifacts used in SLSA provenance, allowing it to masquerade as a legitimate build. By generating a uniquely encrypted payload for each package version, the worm defeats static indicators of compromise, forcing defenders to rely on behavioral analytics rather than static hashes. The malware’s ability to spread laterally across Kubernetes clusters and CI/CD runners amplifies its impact, turning a single compromised developer machine into a conduit for cloud‑wide credential theft. This sophistication reflects a broader trend where threat actors target the trust relationships embedded in modern DevSecOps pipelines.

For enterprises, the breach signals an urgent need to reassess credential management and supply‑chain hygiene. Enforcing short‑lived OIDC tokens, implementing zero‑trust principles for CI/CD environments, and adopting real‑time provenance verification can mitigate the risk of similar attacks. Moreover, developers should treat any package that interacts with AI agents as a potential attack surface, applying strict validation and sandboxing. As supply‑chain attacks become more prevalent, organizations must blend robust tooling with vigilant operational practices to protect their cloud assets and maintain confidence in open‑source ecosystems.

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Read Original Article

Comments

Want to join the conversation?

Loading comments...