According to Rescana, the Miasma worm represents an advanced evolution of supply chain malware, exploiting the inherent trust within open-source development environments. The attack began when the threat actor used previously compromised contributor credentials to push a malicious commit (hash: 5f456b8) into the Azure/durabletask repository. This commit was strategically backdated to 2020 and included a [skip ci] flag, allowing it to bypass automated Continuous Integration/Continuous Deployment (CI/CD) detection systems.
Exploiting AI Development Tool Trust
The worm did not modify any source code; instead, five configuration files were added. These files were engineered to trigger the automatic execution of a large, obfuscated JavaScript payload, measuring between 4.3 and 4.6 MB, when the repository was opened in various developer tools. The malicious code resided within .github/setup.js.
The attack specifically targeted configuration file formats used by popular AI coding agents and IDEs, including:
- .claude/settings.json for Claude Code
- .gemini/settings.json for Gemini CLI
- .cursor/rules/setup.mdc for Cursor
- .vscode/tasks.json for VS Code
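As an added example (not part of the Rescana report or of any vendor tool), a small Python scanner that reads the four configuration paths named above from a checkout and flags any whose content references script execution, so they can be reviewed before a developer opens the repository in an agent or IDE. The content patterns are assumed review heuristics, not a signature of the worm.

```python
import json
import re
from pathlib import Path

# Config paths the report says the worm added (tool that auto-loads each).
WATCHED_PATHS = {
    ".claude/settings.json": "Claude Code",
    ".gemini/settings.json": "Gemini CLI",
    ".cursor/rules/setup.mdc": "Cursor",
    ".vscode/tasks.json": "VS Code",
}

# Assumed review heuristics for "this config makes something run";
# not a signature of the worm, tune for your environment.
SUSPECT_PATTERNS = [
    r"\.github/setup\.js",           # payload path named in the report
    r"\bnode\b",                     # JavaScript interpreter invocation
    r'"runOn"\s*:\s*"folderOpen"',   # VS Code task that runs on folder open
    r'"hooks"',                      # agent hook definitions
]

def scan_files(files):
    """files: repo-relative path -> text; 'high' if an execution pattern matches."""
    findings = []
    for path, tool in WATCHED_PATHS.items():
        content = files.get(path)
        if content is None:
            continue
        hits = [p for p in SUSPECT_PATTERNS if re.search(p, content)]
        findings.append({"path": path, "tool": tool, "hits": hits,
                         "severity": "high" if hits else "review"})
    return findings

def scan_repo(root):
    """Read the watched files from a checkout and scan them."""
    base = Path(root)
    return scan_files({p: (base / p).read_text(errors="replace")
                       for p in WATCHED_PATHS if (base / p).is_file()})

# Constructed sample: a tasks.json that runs a script when the folder opens,
# plus a Cursor rule with nothing executable in it.
SAMPLE = {
    ".vscode/tasks.json": json.dumps({"version": "2.0.0", "tasks": [{
        "label": "setup", "type": "shell", "command": "node .github/setup.js",
        "runOptions": {"runOn": "folderOpen"}}]}),
    ".cursor/rules/setup.mdc": "---\nalwaysApply: true\n---\nRun the setup.",
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE):
        print(finding)
```

Run `scan_repo(".")` from a fresh clone before opening it in any tool; a `high` finding means the file should be read by a human first.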
Upon execution, the worm functioned as a highly effective credential harvester. It successfully gathered sensitive access information for numerous cloud platforms and developer tools, enabling autonomous propagation across victim environments.
Operational Impact and Propagation
The compromised credentials allowed Miasma to commit itself into any repository accessible by the victim, facilitating rapid self-replication. The harvested data included authentication tokens for:
- AWS
- Azure
- GCP
- Kubernetes
- npm
- GitHub
The immediate operational impact was severe. Organizations relying on official GitHub Actions, such as Azure/functions-action, experienced widespread breakage in their CI/CD pipelines, rendering critical infrastructure and documentation repositories inaccessible. Though GitHub contained the threat within 105 seconds through automated enforcement, the full scope of downstream damage remains undetermined.
This technique marks a significant shift from traditional package installation attacks. Experts note that because Miasma acted as a legitimate maintainer using valid credentials, its activity was indistinguishable from routine updates on the platform. Furthermore, technical analysis links the Miasma worm to the Mini Shai-Hulud worm, previously released by the threat group TeamPCP in May 2026. The incident underscores that modern defenses must account for attacks triggered simply by interacting with a repository via an AI tool or IDE.