Microsoft Hacked: Malware Planted in GitHub Repos Targets Claude and Gemini Users

✍️ OpenClawRadar📅 Published: June 9, 2026🔗 Source
Microsoft Hacked: Malware Planted in GitHub Repos Targets Claude and Gemini Users
Ad

Microsoft has shut down over 70 of its own GitHub repositories, including those related to Azure and AI coding agents, after a breach where hackers planted malware that harvests credentials from AI coding tool users, according to 404 Media and security researchers.

Attack Vector: Malware in Microsoft's Own Repos

Hackers compromised Microsoft's repositories and planted malicious code. The malware is designed to steal credentials when opened in AI coding tools like Claude Code or Gemini CLI. One researcher identified a specific compromised package but details are limited as Microsoft investigates.

Scope and Response

Microsoft took the unusual step of disabling more than 70 of its own repositories across GitHub. The repositories included code for Azure and AI coding agent integrations, making the breach particularly dangerous for developers using these tools.

Ad

Impact on AI Coding Agents

AI coding agents like Claude Code and Gemini CLI often execute code from repositories to perform tasks. If a developer clones a compromised repo and opens it in one of these tools, the malware can silently exfiltrate API keys, tokens, or other credentials. The attack specifically targets users of these popular AI CLI tools.

What Developers Should Do

If you have recently cloned any Microsoft GitHub repositories — especially those related to Azure or AI coding — check for suspicious files or dependencies. Avoid running untrusted code in Claude Code or Gemini CLI. Rotate any credentials that may have been exposed. Monitor GitHub for official updates from Microsoft on which repositories were affected.

📖 Read the full source: HN AI Agents

Ad

👀 See Also