Skip to content
TechCrunch·

🚨Microsoft Disables Over 70 GitHub Repos Due to Malware

Your favorite Microsoft open-source tools are gone (temporarily)

TL;DR

Microsoft has disabled over 70 of its GitHub repositories due to malware that steals user credentials. Affected projects include AI coding apps and Azure tools, impacting developers worldwide.

Microsoft has cut off access to more than 70 open-source projects hosted on GitHub, including popular tools like VS Code extensions and Azure DevOps utilities. The breach involves malware injected into the codebase that steals user passwords and sensitive credentials when opened in AI coding apps. Developers using these repositories should be wary of potential security risks until further notice. Microsoft has temporarily removed some repositories as part of its investigation but restored others after review, with a small number of customers directly notified about compromised content.

Microsoft Disables Over 70 GitHub Repos Due to Malware — TechCrunch

Key Points

1

Over 70 Microsoft-owned repositories were temporarily removed from GitHub, including popular AI coding apps and Azure DevOps utilities.

2

Malware injected into the code allows hackers to steal user passwords and sensitive credentials when opened in AI coding apps.

3

At least 70 projects belonging to Microsoft have been 'disabled' due to a violation of GitHub's terms of service.

4

The breach is an example of a supply chain attack, targeting code used by many software products or specific users with cloud system access.

5

This incident follows another security breach in mid-May involving Microsoft's Durable Task project.

Why It Matters

If you're using any of the affected tools like VS Code extensions or Azure DevOps utilities from Microsoft, your credentials could be at risk. Developers should monitor updates and consider alternative solutions until repositories are fully restored.

microsoftgithubmalwareopen-sourcevs-code

Frequently Asked Questions

Why does this matter?

If you're using any of the affected tools like VS Code extensions or Azure DevOps utilities from Microsoft, your credentials could be at risk. Developers should monitor updates and consider alternative solutions until repositories are fully restored.

What happened?

Microsoft has disabled over 70 of its GitHub repositories due to malware that steals user credentials. Affected projects include AI coding apps and Azure tools, impacting developers worldwide.

Comments

Subscribe to join the conversation...

Be the first to comment

Enjoyed this article?

Get it daily. 7am. Free. Reads in 5 minutes.

Join 2,024 builders reading daily.