ProBackend
cloud security incidents
Jun 18, 2026 · 5 min read

Microsoft Removes 73 GitHub Repositories in Password-Stealing Malware Incident

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub after discovering that they distributed potentially malicious content linked to the Miasma/Shai-Hulud supply-chain campaign.

Logan Bastion

On June 5, 2026, Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub following the discovery that some of the repositories distributed potentially malicious content. The incident was contained within just 105 seconds, according to company officials.

The swift response by Microsoft and GitHub staff prevented the widespread distribution of malware that targeted developer credentials and supply chain integrity. The removal was described as a precautionary measure to protect the broader development community from potential compromise.

In an official statement, a Microsoft spokesperson explained that the company "temporarily removed some repositories as we investigated potential malicious content" and confirmed that "a small number of customers may have pulled down content from the affected repositories." Microsoft has since restored all repositories after completing its investigation and confirmed they are now clean and safe to use.

Background on the Incident

The compromised repositories included some of Microsoft's most critical GitHub assets, most notably the 'Azure/functions-action' repository, a GitHub Action that thousands of developers rely on to deploy Azure Functions. Once this repository was removed, every workflow referencing it failed outright, because there was nothing left in the specified repository from which to resolve the action.

This caused an immediate outage and widespread confusion among developers who depend on Azure Functions for their cloud deployments. The incident highlights how a single compromised repository can cascade into a broad disruption across the developer ecosystem.

The repositories were removed due to concerns about "potential malicious content" that Microsoft discovered during routine security monitoring. A Microsoft representative responded to user concerns in a community discussion, stating that the repositories were disabled because of "an internal management issue" and that an investigation was underway.

By June 9, 2026, Microsoft confirmed that all repositories had been restored and were considered clean and safe to use. The company notified affected customers directly through established support channels and stated it would continue investigating the incident.

The Miasma/Shai-Hulud Supply-Chain Campaign

The June 5 incident affecting Microsoft repositories appeared to be part of the broader Miasma/Shai-Hulud supply-chain campaign that has been targeting developer tools and cloud infrastructure. This same campaign had previously compromised 32 npm packages in the @redhat-cloud-services namespace by infecting a Red Hat employee's GitHub account.

The attackers initially struck the Red Hat npm namespace by pushing unreviewed orphan commits to internal repositories. These malicious commits injected a minimal workflow that requested GitHub's OIDC tokens; because cloud providers that trust a repository exchange such tokens for short-lived credentials, this gave the attackers access to cloud resources without any traditional stored credentials.
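The cloud-side defense against an injected workflow of this kind is the trust policy that decides which OIDC tokens are exchanged for credentials. The following is an added illustration, not code from Microsoft, GitHub, Red Hat or any cloud provider: it checks a GitHub Actions OIDC token's claims against a deliberately narrow policy. The claim names (`iss`, `aud`, `sub`, `repository`, `ref`, `job_workflow_ref`, `exp`) are the ones GitHub's OIDC provider issues; the policy shape, the `example-org/example-app` repository, the audience value and both sets of claims are constructed assumptions, and the token's signature is assumed to have been verified already.

```python
"""Evaluate GitHub Actions OIDC token claims against a narrow trust policy.

Added example (not the page's or any vendor's code). Claims and policy are
constructed; signature verification is assumed to have happened upstream.
"""
import fnmatch
import time

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

# Hypothetical trust policy: only the release workflow on main, running in the
# reviewer-gated "production" environment of one repository, may exchange a token.
TRUST_POLICY = {
    "audience": "sts.example-cloud.invalid",  # placeholder audience value
    "sub_patterns": ["repo:example-org/example-app:environment:production"],
    "repository": "example-org/example-app",
    "ref": "refs/heads/main",
    "job_workflow_ref_prefix": "example-org/example-app/.github/workflows/release.yml@",
}

FIXED_NOW = 1_780_000_000  # constructed "current time" so the example is deterministic

# Constructed claims from the legitimate release workflow.
GOOD_CLAIMS = {
    "iss": GITHUB_ISSUER,
    "aud": "sts.example-cloud.invalid",
    "sub": "repo:example-org/example-app:environment:production",
    "repository": "example-org/example-app",
    "ref": "refs/heads/main",
    "job_workflow_ref": "example-org/example-app/.github/workflows/release.yml@refs/heads/main",
    "exp": FIXED_NOW + 300,
}

# Constructed claims from a newly injected workflow file pushed on a side branch.
# GitHub issues a "ref"-style subject when no environment is referenced.
ROGUE_CLAIMS = {
    "iss": GITHUB_ISSUER,
    "aud": "sts.example-cloud.invalid",
    "sub": "repo:example-org/example-app:ref:refs/heads/tmp-build",
    "repository": "example-org/example-app",
    "ref": "refs/heads/tmp-build",
    "job_workflow_ref": "example-org/example-app/.github/workflows/tmp-build.yml@refs/heads/tmp-build",
    "exp": FIXED_NOW + 300,
}


def evaluate_claims(claims, policy, now=None):
    """Return a list of policy violations; an empty list means the token is acceptable."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != GITHUB_ISSUER:
        problems.append("issuer mismatch")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if policy["audience"] not in audiences:
        problems.append("audience mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    sub = claims.get("sub", "")
    if not any(fnmatch.fnmatchcase(sub, pat) for pat in policy["sub_patterns"]):
        problems.append(f"subject not allowed: {sub}")
    if claims.get("repository") != policy["repository"]:
        problems.append("repository mismatch")
    if claims.get("ref") != policy["ref"]:
        problems.append("ref mismatch")
    if not claims.get("job_workflow_ref", "").startswith(policy["job_workflow_ref_prefix"]):
        problems.append("workflow file not allowed")
    return problems


if __name__ == "__main__":
    print("release workflow:", evaluate_claims(GOOD_CLAIMS, TRUST_POLICY, now=FIXED_NOW))
    print("injected workflow:", evaluate_claims(ROGUE_CLAIMS, TRUST_POLICY, now=FIXED_NOW))
```

The rogue token fails on three independent checks (subject, ref and workflow file), so a policy that matched only on `repository` would have accepted it. Pinning the policy to an environment and a workflow file path means a newly added workflow in an orphan commit cannot mint usable credentials; a compromise that can edit the trusted workflow file itself still has to be stopped by branch protection and required review.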

Once they had initial access through the Red Hat compromise, the threat actors pivoted to Microsoft's resources on GitHub. This represents a classic supply-chain attack pattern where attackers target trusted relationships between organizations to spread their malware.

Software supply-chain company Cloudsmith published a detailed analysis concluding that Microsoft's Azure environment and the 'durabletask' repository were compromised via Miasma. The campaign specifically targeted AI coding tools including Claude Code, Gemini CLI, VS Code, and Cursor.

Technical Details of the Attack

The Shai-Hulud malware campaign utilizes sophisticated techniques to steal developer credentials and deploy password-stealing malware. The attack typically follows this pattern:

  1. Initial Compromise: Attackers gain access to a developer's account or push unreviewed commits to legitimate repositories
  2. OIDC Token Theft: Malicious workflows request GitHub's OIDC tokens, bypassing traditional authentication
  3. Credential Theft: The malware steals API keys, access tokens, and other credentials from developer environments
  4. Lateral Movement: Attackers use stolen credentials to pivot to other repositories and cloud resources
  5. Persistence: Malicious packages are published to package managers like PyPI and npm for long-term impact
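Steps 1 and 2 of this pattern leave a visible trace in the repository: a workflow file that grants itself `id-token: write`. The following added example, not code from Microsoft, GitHub or the campaign's analysts, scans a GitHub Actions workflow for that permission and, at the same time, for `uses:` references that are not pinned to a full commit SHA (the pinning practice recommended later in this article). The sample workflow, its job names and the 40-hex placeholder SHA are constructed; the parser is a deliberately dependency-free line scanner, not a full YAML parser.

```python
"""Audit a GitHub Actions workflow for OIDC token permission and unpinned actions.

Added example (not the page's or any vendor's code). Sample workflow constructed.
"""
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" as a step entry ("- uses:") or a plain key.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
# Matches "id-token: write" at any indentation (workflow-level or job-level permissions).
ID_TOKEN_RE = re.compile(r"^\s*id-token:\s*write\b")

# Constructed workflow: grants the OIDC permission globally and pins only one action.
SAMPLE_WORKFLOW = """\
name: deploy
on: [push]
permissions:
  id-token: write
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Azure/functions-action@v1
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # constructed placeholder SHA
      - uses: ./.github/actions/local-step
      - run: npm ci
"""


def audit_workflow(text):
    """Return (line_number, kind, detail) findings for one workflow file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop trailing YAML comments
        if ID_TOKEN_RE.match(code):
            findings.append((lineno, "id-token-write", code.strip()))
        match = USES_RE.match(code)
        if not match:
            continue
        ref = match.group(1)
        # Local actions and docker images are not tag-resolved from GitHub.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _action, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            findings.append((lineno, "unpinned-action", ref))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {kind}: {detail}")
```

Run against the sample, the auditor reports the global `id-token: write` on line 4 and two unpinned actions on lines 10 and 11. Pinning to a commit SHA means a tag that is later moved to malicious content is not silently picked up, which is the failure mode this campaign exploits; it does not help when the action's repository is removed outright, as happened with 'Azure/functions-action', so a build that must survive that case needs a mirrored copy of the action as well.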

The 'durabletask' repository in Microsoft's Azure organization was specifically identified by OpenSourceMalware as having been compromised in May, suggesting an incomplete cleanup that allowed the threat actors to return with a more sophisticated attack.

Response and Recovery

Microsoft's response to the incident was notably swift. Security teams were able to contain the breach in just 105 seconds—a remarkable timeframe for an incident of this scale. The company took the following actions:

  1. Immediate Repository Removal: All 73 affected repositories were removed from GitHub to prevent further spread
  2. Customer Notification: A small number of customers who may have pulled malicious content were notified directly
  3. Investigation: Microsoft launched a full investigation with the help of GitHub security teams
  4. Repository Restoration: After cleanup and verification, all repositories were restored to their original state
  5. Ongoing Monitoring: Microsoft committed to continued investigation and direct outreach for any further issues

The response plan emphasized transparency with the affected customer base. "If anything further is identified that requires customer action, we will reach out directly through our established support channels," a Microsoft spokesperson told BleepingComputer.

Broader Implications for Software Supply Chains

This incident underscores the growing threat landscape facing software supply chains. The Miasma/Shai-Hulud campaign has demonstrated the ability to:

  • Exploit trusted relationships between organizations (Red Hat → Microsoft)
  • Target AI coding tools that developers use daily
  • Leverage OIDC tokens to bypass traditional authentication mechanisms
  • Maintain persistence through multiple package managers (npm, PyPI)

Security researchers at StepSecurity identified another incident in the same campaign affecting Pythagora-io/gpt-pilot, a popular open-source AI developer tool with over 33,700 GitHub stars and more than 3,500 forks. This shows how attackers are targeting the most widely used tools in the developer ecosystem.

Recommendations for Developers

In light of these incidents, security experts recommend the following measures:

  1. Lock Project Dependencies: Use package managers that support lockfiles and pin dependencies to specific versions
  2. Add Time Delays: Implement multi-day delays before fetching new package updates to allow for security review
  3. Isolated Testing: Test new builds in isolated environments before deploying to production
  4. Multi-Factor Authentication: Enable MFA on all development accounts, especially GitHub and cloud provider accounts
  5. Supply Chain Audits: Regularly audit dependencies for known vulnerabilities and malicious patterns
  6. OIDC Token Security: Review and restrict OIDC token permissions in CI/CD workflows

The BleepingComputer article on this incident can be found at https://www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/

  • FortiBleed leak exposed Fortinet VPN credentials for 73,000 devices
  • Malicious JetBrains Marketplace plugins steal AI API keys from developers
  • Steam Workshop abused to spread malware via Wallpaper Engine app
  • Red Hat npm packages compromised in the same Miasma campaign

These incidents highlight that supply-chain attacks are not isolated but represent a coordinated threat landscape targeting the foundational tools of modern software development.
