DMR News

Microsoft Pulls GitHub Repositories After Malware Found In Open Source Projects

By Jolyen

Jun 9, 2026

Microsoft has temporarily removed access to dozens of open source projects on GitHub after hackers apparently breached the repositories and added password-stealing malware. Many of the affected projects were tied to Azure and developer tools used with AI coding apps such as Claude Code, Gemini’s command line interface, and VS Code.

Microsoft confirmed the removals while it investigates the incident. Spokesperson Ben Hope told TechCrunch that the company “temporarily removed some repositories” while reviewing potential malicious content.

Repositories Were Disabled During Review

At least 70 Microsoft projects showed a GitHub notice saying access had been disabled by GitHub staff because of a violation of GitHub’s terms of service. Microsoft did not immediately say how many people downloaded the affected tools.

Hope said some repositories had been restored after review, while others may remain offline as work continues. He also said Microsoft notified a small number of customers who may have downloaded content from the affected repositories.

The company said it will keep investigating and contact customers through established support channels if further action is needed. Microsoft did not provide the specific number of affected customers when asked by TechCrunch.

Researchers Flagged Credential Theft Risk

Security firm Cloudsmith and community malware analysis site OpenSourceMalware were among the first to flag the hack. OpenSourceMalware said GitHub disabled 73 Microsoft repositories across four organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs.

The malware could steal passwords and other sensitive credentials when users opened compromised tools in AI coding apps. The affected tools were used by developers, who may have access to cloud systems, software environments, or customer data.

The incident is a software supply chain attack, where attackers compromise trusted code used by other developers or products. These attacks can spread beyond the original project if users install or open affected code.

Durable Task Was Also Targeted

The latest incident follows another known compromise of a Microsoft open source project in recent weeks. In mid-May, security researchers said Microsoft’s Durable Task project, which helps developers build apps, had been hacked.

OpenSourceMalware described the latest event as a possible “re-compromise” of Durable Task. That could mean the earlier attackers were not fully removed, or that a separate breach affected the project again.

Ars Technica previously reported on the Durable Task compromise, according to the source article. The latest investigation remains ongoing.

