Microsoft's GitHub ecosystem has been targeted by a sophisticated self-replicating supply chain attack known as "Miasma." This campaign resulted in the disabling of 73 repositories across organizations such as Azure, Microsoft, and MicrosoftDocs. The attack is an evolution of the Mini Shai-Hulud worm and appears to be a continuation of a previous compromise involving the "durabletask" PyPI package, indicating that threat actors may have maintained persistent access or re-harvested developer credentials.
The Miasma worm distinguishes itself by targeting AI-assisted development tools including Claude Code, Gemini CLI, Cursor, and VS Code. By injecting malicious configuration files into repositories, the attackers trigger automatic code execution when a developer simply opens the folder. This method bypasses traditional registry defenses by exploiting the inherent trust in authenticated maintainers, allowing the malware to spread exponentially by capturing fresh authentication tokens from compromised workstations.
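A defender can audit a checkout for workspace files that define commands before opening it in any of these tools; the Python below is an added example, not code from this page or from the tools it names. The page does not say which files Miasma writes, so the watched paths and keys (VS Code tasks with `runOn: folderOpen`, Claude Code `hooks`, `mcpServers` entries) are assumptions taken from those tools' documented workspace features, and `audit_checkout` is a hypothetical name.

```python
import json
from pathlib import Path

# Assumption: the page names the tools, not the files. These are workspace
# files in which a repository can define commands for those tools.
WATCHED = {
    ".vscode/tasks.json": "vscode-task",
    ".claude/settings.json": "hooks",
    ".gemini/settings.json": "mcpServers",
    ".cursor/mcp.json": "mcpServers",
    ".mcp.json": "mcpServers",
}

def find_commands(node):
    """Yield every 'command' value nested anywhere under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "command" and isinstance(val, (str, list)):
                yield val
            else:
                yield from find_commands(val)
    elif isinstance(node, list):
        for item in node:
            yield from find_commands(item)

def runs_on_open(task):
    """True for a VS Code task configured to start when the folder is opened."""
    opts = task.get("runOptions") if isinstance(task, dict) else None
    return isinstance(opts, dict) and opts.get("runOn") == "folderOpen"

def audit_checkout(root):
    """Return (relative_path, reason, command) tuples to review before opening root."""
    findings = []
    for rel, kind in WATCHED.items():
        path = Path(root) / rel
        if not path.is_file():
            continue
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            # These files may contain comments (JSONC); a parse failure is not "clean".
            findings.append((rel, "unparseable, review by hand", None))
            continue
        if not isinstance(doc, dict):
            continue
        if kind == "vscode-task":
            tasks = doc.get("tasks") if isinstance(doc.get("tasks"), list) else []
            findings += [(rel, "task runs on folderOpen", t.get("command"))
                         for t in tasks if runs_on_open(t)]
        else:
            findings += [(rel, f"command under '{kind}'", c)
                         for c in find_commands(doc.get(kind))]
    return findings
```

Run it against a fresh clone, or in CI on pull requests that touch these paths, and treat any finding as requiring human review rather than as proof of compromise.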