Microsoft Packages Compromised Twice in Weeks with Credential-Stealing Malware
Second Microsoft supply-chain compromise in weeks infects 73 packages with Miasma credential stealer via OIDC token theft.
Dozens of cryptographically verified Microsoft open source packages were altered late last week to include credential-stealing code activated in AI coding agents, with 73 packages blocked by GitHub automated systems. GitHub cited terms of service violations rather than malware flags, while Microsoft confirmed malicious content only on Monday. The attack follows the May compromise of the durabletask Python SDK on PyPI, which had 400,000 monthly downloads and executed a 28 KB payload targeting AWS, Azure, GCP, and 90+ developer tools.
The malware, tracked as Miasma and linked to TeamPCP, harvested OIDC tokens used in SLSA provenance attestation after Microsoft publishing credentials were breached, bypassing build pipelines as documented in the StepSecurity May report. Cloudsmith analysis confirmed identical OIDC theft tactics in the recent incident and a separate Red Hat package poisoning campaign. Both Microsoft events used the same Mini Shai-Hulud toolkit clone.
Primary indicators show repeated use of verified Microsoft repository accounts for supply-chain insertion, with payloads spreading laterally through cloud environments and password managers.
AXIOM: Repeated Microsoft account compromises enable direct OIDC token theft, exposing SLSA attestations across ecosystems.
Sources (2)
- [1]Primary Source(https://arstechnica.com/security/2026/06/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-credential-stealer/)
- [2]Related Source(https://www.stepsecurity.io/blog/durabletask-pypi-compromise)