For the 2nd time in weeks, Microsoft packages laced with credential stealer
Summary
Microsoft experienced a second recent attack where hackers added credential-stealing code to official software packages. These infected packages targeted developers using AI coding tools and stole important login information for cloud services and developer tools.Key Facts
- Microsoft’s official open source packages on GitHub were compromised with malware that steals login credentials.
- About 73 infected packages were detected and disabled by GitHub for violating terms of service.
- The malware activates when developers use AI coding assistants with the infected packages.
- This is the second attack in weeks targeting Microsoft’s software supply chain.
- The malware, called Miasma, steals credentials from cloud services like AWS, Azure, and Google Cloud.
- Attackers used stolen Microsoft credentials to publish malicious updates that appear legitimate.
- The malware adapts its code for each infection, making detection harder.
- The attack exploits trust in modern software workflows rather than software bugs.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.