Microsoft Removes 73 GitHub Repositories Linked to Malware Campaign

AI-generated from multiple sources. Verify before acting on this reporting.

REDMOND, Wash. (AP) — Microsoft removed 73 repositories from its official GitHub accounts on Monday after discovering they had been compromised by a supply-chain attack distributing password-stealing malware.

The tech giant took down the repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations. The action followed the detection of malicious content designed to disrupt continuous integration pipelines and steal credentials from developers using the code.

The incident is part of a broader campaign identified as Miasma, also known as Shai-Hulud. Security researchers have linked the attack to a sophisticated effort to infiltrate software supply chains by inserting malicious code into legitimate projects. The compromised repositories were found to be distributing payloads that could compromise developer environments and corporate networks.

Microsoft’s security team identified the intrusion and immediately began the process of purging the affected code. The removal of the repositories was completed on June 9, 2026. The company stated that the action was necessary to prevent further distribution of the malware and to protect users who might have cloned or forked the repositories prior to their removal.

The Miasma campaign has targeted multiple organizations, exploiting vulnerabilities in software development workflows. By compromising official repositories, attackers can gain a level of trust that makes their malicious code more likely to be accepted and integrated into other projects. This method allows for widespread distribution of malware with minimal detection.

Developers who have previously used the affected repositories are advised to audit their systems for signs of compromise. Microsoft has not yet specified the exact nature of the malware or the full extent of the damage caused by the campaign. The company is working with security partners to investigate the origin of the attack and identify any other potentially affected systems.

The incident highlights the growing threat of supply-chain attacks targeting software development infrastructure. As companies increasingly rely on open-source code and automated pipelines, the risk of malicious actors inserting harmful code into trusted repositories continues to rise. Security experts warn that organizations must implement rigorous verification processes to detect and prevent such intrusions.

Microsoft has not commented on whether any specific customers or partners were impacted by the compromised repositories. The company is expected to provide further details as the investigation continues. For now, the focus remains on containing the threat and preventing further spread of the malware.

The removal of the repositories marks a significant step in mitigating the immediate risk, but questions remain about the long-term impact of the campaign. Security analysts are monitoring the situation closely for any signs of resurgence or new vectors of attack. The incident serves as a stark reminder of the vulnerabilities inherent in modern software development practices.
