Microsoft Hacked: Malware Planted in GitHub Repos Targets Claude and Gemini Users

Microsoft has shut down over 70 of its own GitHub repositories, including those related to Azure and AI coding agents, after a breach where hackers planted malware that harvests credentials from AI coding tool users, according to 404 Media and security researchers.
Attack Vector: Malware in Microsoft's Own Repos
Hackers compromised Microsoft's repositories and planted malicious code. The malware is designed to steal credentials when opened in AI coding tools like Claude Code or Gemini CLI. One researcher identified a specific compromised package but details are limited as Microsoft investigates.
Scope and Response
Microsoft took the unusual step of disabling more than 70 of its own repositories across GitHub. The repositories included code for Azure and AI coding agent integrations, making the breach particularly dangerous for developers using these tools.
Impact on AI Coding Agents
AI coding agents like Claude Code and Gemini CLI often execute code from repositories to perform tasks. If a developer clones a compromised repo and opens it in one of these tools, the malware can silently exfiltrate API keys, tokens, or other credentials. The attack specifically targets users of these popular AI CLI tools.
What Developers Should Do
If you have recently cloned any Microsoft GitHub repositories — especially those related to Azure or AI coding — check for suspicious files or dependencies. Avoid running untrusted code in Claude Code or Gemini CLI. Rotate any credentials that may have been exposed. Monitor GitHub for official updates from Microsoft on which repositories were affected.
📖 Read the full source: HN AI Agents
👀 See Also

ThornGuard: A Proxy Gateway to Secure MCP Server Connections from Prompt Injection
ThornGuard is a proxy that sits between MCP clients and upstream servers, scanning traffic for injection patterns, stripping PII, and logging to a dashboard. It was built after testing revealed vulnerabilities where servers could embed hidden instructions in tool responses.

Secure Remote Access with Tailscale for OpenClaw

AI Agent Guardrails Decay Over Time Without Active Maintenance
AI agent guardrails degrade over time as system prompts accumulate updates, model versions change, and new tools are added, often resulting in contradictory or ignored safety rules that require regular review and testing.

Security Analysis of AI Agents Reveals Broken Trust Model and High Vulnerability Rates
A security analysis of AI agents shows the fundamental trust model is broken, with 49% of MCP packages having security findings and indirect injection achieving 36-98% attack success rates across state-of-the-art models.