Miasma Worm Hit 73 Microsoft Repos on GitHub — And It Took Just 105 Seconds to Contain

Microsoft yanked 73 repositories from GitHub last week after discovering they’d been compromised by a self-propagating supply-chain worm called Miasma. The repositories — spread across Microsoft’s Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations — were distributing password-stealing malware before GitHub staff pulled the plug.

The whole thing was contained in 105 seconds. That’s the good news. The bad news: this worm has been busy for weeks, and Microsoft’s cleanup might not be finished.

How It Got In

The Miasma campaign first surfaced in May when it hit the Python Package Index, pushing three malicious versions of Microsoft’s own ‘durabletask’ PyPI package (versions 1.4.1, 1.4.2, and 1.4.3). From there, the attackers pivoted to Microsoft’s GitHub presence.

According to researchers at Cloudsmith, the worm initially struck Red Hat’s npm namespace by compromising a Red Hat employee’s GitHub account. The attackers pushed unreviewed orphan commits to internal repos, injecting a minimal workflow that requested GitHub’s OIDC tokens. Those tokens became the keys to the kingdom — letting the worm spread to Microsoft’s Azure environment on GitHub.

Security engineer Adnan Khan noted that the June 5 incident appeared to be part of the same Miasma campaign that previously infected 32 of Red Hat’s npm packages. The worm specifically targets AI coding tools — Claude Code, Gemini CLI, VS Code, Cursor — making it a direct threat to developer workflows.

What Got Broken

The most immediate impact was on developers using ‘Azure/functions-action,’ a GitHub Action for deploying Azure Functions. When the repos went dark, workflows referencing that action stopped working overnight. Build pipelines broke. Deployments stalled. Developers woke up to broken CI/CD with no clear explanation.

Microsoft’s initial response didn’t help. In a community discussion, a company rep said the repos were disabled due to “an internal management issue” — a vague explanation that left developers scrambling. The real reason, as BleepingComputer confirmed, was concern over “potential malicious content.”

At the time of writing, all 73 repositories have been restored and are considered clean. Microsoft says it’s notified a small number of customers who may have pulled content from the affected repos during the compromise window.

Why This Should Worry You

Supply-chain attacks on open-source ecosystems aren’t new, but Miasma represents an escalation in both speed and targeting. Going from Red Hat’s npm packages to Microsoft’s GitHub repos in a single campaign shows a level of ambition we haven’t seen before from a worm.

The fact that it specifically targets AI coding tools is particularly concerning. As more developers adopt AI-assisted coding, the attack surface expands. A compromised AI tool doesn’t just steal credentials — it can inject malicious code into every project it touches.

And while Microsoft contained this particular incident quickly, the OpenSourceMalware platform noted that the ‘durabletask’ repo was compromised in May, suggesting the attackers had persistent access that wasn’t fully remediated.

What to Do

If you pulled packages from Microsoft’s Azure, microsoft, Azure-Samples, or MicrosoftDocs organizations on GitHub between May and June 5, audit your dependencies. Check for unexpected versions of ‘durabletask’ on PyPI. Review your GitHub Actions workflows for any references to repos that were temporarily disabled.

More broadly: treat your CI/CD pipeline like production infrastructure. Pin your dependencies. Review third-party GitHub Actions before adding them to your workflows. And if an AI coding tool suggests adding a dependency you don’t recognize — verify it manually.
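An added example, not from the article or from Microsoft or GitHub: a small Python audit script that applies the checks above to a workflow file and a requirements file. The organization names and the three ‘durabletask’ versions come from the article; the regexes, the sample inputs and the extra `id-token: write` check (flagging workflows that request an OIDC token, which the article says the injected workflow did) are this example's own assumptions.

```python
import re
# Organizations and durabletask versions named in the article.
AFFECTED_ORGS = {"azure", "microsoft", "azure-samples", "microsoftdocs"}
BAD_DURABLETASK = {"1.4.1", "1.4.2", "1.4.3"}
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
REQ_RE = re.compile(r"^durabletask(?:\[[^\]]*\])?\s*(?:(==|>=|~=|<=|>|<|!=)\s*([\w.]+))?", re.I)

def audit_workflow(text):
    """Return (kind, action_ref, version) findings for one workflow file:
    'unpinned' (tag/branch instead of a full commit SHA), 'affected-org'
    (action lives in an org named in the article), 'id-token-write' (assumption)."""
    findings = []
    for ref, version in USES_RE.findall(text):
        if ref.startswith(("./", "docker://")):
            continue  # local or container actions are not pinned by SHA
        if not SHA_RE.match(version):
            findings.append(("unpinned", ref, version))
        if ref.split("/")[0].lower() in AFFECTED_ORGS:
            findings.append(("affected-org", ref, version))
    if re.search(r"^\s*id-token:\s*write", text, re.M):
        findings.append(("id-token-write", "", ""))
    return findings

def audit_requirements(text):
    """Flag durabletask pinned to a malicious version, or not pinned with == at all."""
    findings = []
    for line in text.splitlines():
        m = REQ_RE.match(line.split("#")[0].strip())
        if not m:
            continue
        op, ver = m.group(1), m.group(2)
        if op == "==" and ver in BAD_DURABLETASK:
            findings.append(("malicious-version", "durabletask", ver))
        elif op != "==":
            findings.append(("unpinned", "durabletask", ver or ""))
    return findings

# Constructed sample inputs (not from the article) that exercise every check.
SAMPLE_WORKFLOW = """\
permissions:
  id-token: write
jobs:
  deploy:
    steps:
      - uses: actions/checkout@v4
      - uses: Azure/functions-action@v1
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
"""
SAMPLE_REQUIREMENTS = "requests==2.31.0\ndurabletask==1.4.2\n"
```

Run `audit_workflow` over each file under `.github/workflows/` and `audit_requirements` over each requirements file; a finding is a prompt to look, not proof of compromise, since the restored repositories are considered clean.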

What’s Next

Microsoft says its investigation is ongoing and it will reach out through support channels if further customer action is needed. But the Miasma campaign doesn’t appear to be over. With Shai-Hulud-style worms now targeting both package managers and source code repositories simultaneously, expect more incidents like this — and expect the next one to move even faster.