The Miasma supply-chain worm has moved into a more dangerous lane: repository configuration files that can be executed by AI coding tools, IDEs, and CI workflows. StepSecurity said GitHub disabled 73 repositories across Microsoft-related organizations on June 5, 2026, after a malicious commit landed in Azure/durabletask and the campaign shifted from package-install hooks toward editor and AI-agent startup files.[1]

The important detail is not only the Microsoft name. In the earlier Miasma wave, which we covered in our report on the Red Hat npm package compromise, developers mainly had to worry about infected packages and install-time behavior. The June 5 incident shows a quieter route: malicious repository files such as .claude/settings.json, .cursor/rules/setup.mdc, .gemini/settings.json, and .vscode/tasks.json can turn a normal clone/open workflow into a credential-harvesting event when tools trust the project directory too much.[1]
According to StepSecurity, the affected repositories spanned Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations, and GitHub performed a fast automated disablement sweep. The Hacker News separately reported the same 73-repository scope and noted that the campaign also touched Azure Functions-related projects.[2] The public Azure/functions-action repository is reachable again as of this check, so defenders should treat the event as a supply-chain exposure window and cleanup problem, not proof that every listed repository remains offline.[4]
What Developers Should Check Now
If your team cloned Microsoft or Azure sample repositories around June 5, opened them in AI-assisted editors, or mirrored them into internal CI, inspect the local copy before reopening it. Look first for unexpected editor-agent files under .claude/, .cursor/, .gemini/, and .vscode/. Those folders are easy to dismiss as harmless developer convenience files, but this campaign makes them part of the executable supply chain.
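One way to run that first check across a directory of clones without opening any of them in an editor, as an added example that is not from StepSecurity or the original article. It only reads files. The four paths come from the article; the article does not describe the contents of the malicious files, so the `runOn: folderOpen` test (VS Code's option for running a task when a folder opens) and the `hooks` key test (a key used in Claude Code settings) are generic auto-run indicators assumed for this example.

```python
import json
from pathlib import Path

# The four paths named in the article; the checks below are this example's assumptions.
WATCHED = (".claude/settings.json", ".cursor/rules/setup.mdc",
           ".gemini/settings.json", ".vscode/tasks.json")

def review_notes(rel, text):
    """Return reasons a watched file deserves a manual read before the repo is opened."""
    if not rel.endswith(".json"):
        return ["agent rules file: its text is fed to the assistant as instructions"]
    try:
        doc = json.loads(text)
    except ValueError:
        # VS Code accepts comments in tasks.json, so a parse failure is not a clean bill.
        return ["not strict JSON: review by hand"]
    if not isinstance(doc, dict):
        return ["unexpected top-level JSON type"]
    notes = []
    tasks = (doc.get("tasks") or []) if rel == ".vscode/tasks.json" else []
    for task in tasks:
        if isinstance(task, dict) and (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            notes.append(f"task {task.get('label')!r} runs on folder open: {task.get('command')!r}")
    if "hooks" in doc:
        notes.append("defines hooks: " + ", ".join(sorted(map(str, doc["hooks"]))))
    return notes or ["present, no auto-run key recognised: still confirm it is expected"]

def scan(root):
    """Map each watched file under root (relative path) to its review notes."""
    root = Path(root)
    findings = {}
    for rel in WATCHED:
        for path in root.rglob(rel):  # pathlib globbing descends into dot-directories
            if path.is_file():
                text = path.read_text(encoding="utf-8", errors="replace")
                findings[path.relative_to(root).as_posix()] = review_notes(rel, text)
    return findings

if __name__ == "__main__":
    import sys
    for found, notes in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(found)
        for note in notes:
            print("   ", note)
```

Pass the parent directory that holds the clones as the only argument. A file with no recognised auto-run key is still listed, because its presence alone is what the article says to look for.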
Do not rotate secrets from a workstation that may still be executing suspicious workspace hooks. Isolate the machine or container, review shell history and recent process activity, then rotate GitHub, npm, PyPI, cloud, and CI tokens from a trusted environment. GitHub audit logs should be checked for unexpected direct pushes, new workflow files, unusual OAuth app use, repository creation, package publication, and token activity shortly after the affected repos were cloned or opened.
The same pattern connects to other developer-secret incidents. Our earlier Mini Shai-Hulud supply-chain report focused on poisoned packages, while the Nx Console VS Code extension case showed how developer tools themselves can become a path to GitHub token theft. Miasma now sits between those two models: it abuses the trust developers place in project folders and AI-assisted automation.
For prevention, keep repository branch protection and signed-review rules enabled, pin GitHub Actions where practical, and prefer short-lived cloud credentials through OIDC instead of long-lived static secrets on developer machines or in CI variables. Red Hat’s Miasma bulletin already warned that exposed secrets should be rotated and affected environments reviewed after the earlier npm package compromise; the Microsoft/Azure repository wave makes that advice broader for teams using AI coding assistants.[3]
References
[1] StepSecurity. “Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents.” June 5, 2026. https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents
[2] The Hacker News. “Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack.” June 6, 2026. https://thehackernews.com/2026/06/miasma-worm-hits-73-microsoft-github.html
[3] Red Hat. “RHSB-2026-006 Miasma malware in npm packages.” June 2, 2026. https://access.redhat.com/security/vulnerabilities/RHSB-2026-006
[4] GitHub. “Azure/functions-action.” Accessed June 7, 2026 UTC. https://github.com/Azure/functions-action