Microsoft's open source tools were hacked to steal passwords of AI developers
Microsoft pulled multiple GitHub repos after suspected malware targeted AI developers’ passwords and credentials.
Microsoft temporarily removed several open source GitHub projects while investigating suspected malicious content. The affected repos were linked to Azure and developer workflows involving AI coding tools such as Claude Code, Gemini CLI, and VS Code. Security researchers said the malware could steal passwords and sensitive credentials when compromised tools were opened, though Microsoft has not disclosed how many users were affected.
TechCrunch 報導,Microsoft 已暫時切斷多個 GitHub 開源專案的存取權,原因是公司正在調查這些專案疑似遭駭客入侵,並被植入可竊取密碼的惡意程式。文章指出,受影響的專案有不少與 Microsoft Azure 雲端服務及開發者工具相關,也可能被用在 AI coding app 的工作流程中,例如 Claude Code、Gemini 的命令列介面,以及 VS Code。根據資安公司 Cloudsmith 與社群惡意程式分析網站 OpenSourceMalware 的說法,這批惡意程式可能在開發者透過 AI 編碼工具開啟受污染專案時,竊取使用者密碼與其他敏感憑證。
Free shows the 3-line summary; Pro unlocks the full deep summary (~300 words) so you never have to click through.
See Pro plans →Want the original English / full article?
Read on Hacker News (AI keywords) →Related
Summaries are AI-generated; the original article is authoritative.