Microsoft’s GitHub Packages Compromised with Credential Stealer Code

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents. In all, multiple researchers said, 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform.

Rather than noting they are malicious—and that developers who used AI agents to work with them should assume their systems are compromised—the Microsoft-owned GitHub said it disabled the packages “due to a violation of GitHub’s terms of service.” The text went on to encourage the package owner to contact GitHub. Devs: Assume compromise and proceed accordingly It wasn’t until Monday that Microsoft even raised the possibility the packages were infected. In an email, the company stated: “We have temporarily removed some repositories as we investigate potential malicious content.”