
Miasma Campaign Exposes GitHub's Selective Takedown Blind Spots in AI-Driven Supply Chain Attacks
The Miasma probe shows GitHub's selective takedowns to be symptomatic of deeper supply-chain weaknesses: the campaign extends well beyond the repositories taken offline, targeting AI coding workflows with evolving stealth techniques.
Microsoft's decision to restore select GitHub repositories while leaving others offline during the Miasma investigation reveals a fragmented response to what is emerging as a coordinated software supply chain operation rather than a set of isolated compromises. The takedowns, triggered by the infection of 73 open-source projects including durabletask, fit a pattern of threat actors rapidly iterating payloads to evade detection in AI-assisted development environments. Unlike prior waves that relied on bundled .pth hooks, the latest variants separate the loader from the JavaScript exfiltrator, allowing stealthier integration into CI/CD pipelines and IDEs; the tactic echoes the 2023 XZ Utils backdoor attempt but scales through PyPI typosquats impersonating requests and Flask.

Mainstream reporting frames this as standard incident response, yet overlooks how the campaign's adversarial prompt injections specifically target copilots such as those in VS Code or Cursor, potentially poisoning downstream code generation at scale. Drawing parallels to the 2024 PyPI Mini Shai-Hulud cluster and the 2025 Hades wave documented by Socket and ReversingLabs, Miasma demonstrates actor adaptation across bioinformatics libraries and MCP-themed packages, with harvested secrets pushed to public GitHub repos for persistence.

Microsoft's customer notifications remain limited and miss the systemic risk to the open-source ecosystem, where selective restorations could leave reinfection vectors open. This approach prioritizes containment optics over comprehensive platform hardening, leaving developers exposed in an era where AI tools amplify malware reach.
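The bundled .pth hook that the earlier waves relied on works because Python's site module executes any line in a site-packages .pth file that begins with `import`. As an added defensive example, not code from the article or from its sources, the script below audits the .pth files on a host and flags lines that execute code; the marker list and the two sample .pth contents are constructed assumptions, not indicators from the campaign.

```python
import os
import site
from pathlib import Path

# Constructed heuristic: substrings rarely seen in legitimate .pth import lines
# (editable installs and virtualenv use plain "import <module>" lines).
SUSPICIOUS_MARKERS = ("exec(", "eval(", "compile(", "base64", "urllib",
                      "subprocess", "os.system", "socket", "http")

def classify_pth_line(line: str) -> str:
    """Return 'comment', 'path', 'import' or 'suspicious' for one .pth line."""
    # CPython's site.addpackage() exec()s any line starting with "import "
    # (or "import" + tab); every other non-comment line is treated as a path.
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return "comment"
    if stripped.startswith(("import ", "import\t")):
        if any(m in stripped.lower() for m in SUSPICIOUS_MARKERS):
            return "suspicious"
        return "import"
    return "path"

def audit_pth_text(text: str) -> dict:
    """Count lines of each class in one .pth file's contents."""
    counts = {"comment": 0, "path": 0, "import": 0, "suspicious": 0}
    for line in text.splitlines():
        counts[classify_pth_line(line)] += 1
    return counts

def audit_site_packages(dirs=None) -> list:
    """Return (path, counts) for each .pth file containing executable lines."""
    if dirs is None:
        dirs = site.getsitepackages() + [site.getusersitepackages()]
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for pth in sorted(Path(d).glob("*.pth")):
            counts = audit_pth_text(pth.read_text(errors="replace"))
            if counts["import"] or counts["suspicious"]:
                findings.append((str(pth), counts))
    return findings

# Constructed sample .pth contents (not taken from the campaign).
BENIGN_PTH = "/opt/venv/lib/python3.12/site-packages/mypkg\n# vendored path\n"
HOOK_PTH = 'import base64;exec(base64.b64decode("PAYLOAD_PLACEHOLDER"))\n'

if __name__ == "__main__":
    for path, counts in audit_site_packages():
        print("SUSPICIOUS" if counts["suspicious"] else "review", path, counts)
```

Any .pth with an `import` line deserves a look even when no marker matches, since the line runs on every interpreter start, including inside CI runners and IDE-managed environments.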
SENTINEL: Selective repo restorations signal Microsoft is containing based on payload maturity rather than full eradication, foreshadowing repeated GitHub platform interventions as AI-exploiting campaigns proliferate.
Sources (3)
- [1] [Primary Source](https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html)
- [2] [Socket.dev Analysis of Miasma Payload Variants](https://socket.dev/blog/miasma-pypi-wave-ai-prompt-injection)
- [3] [ReversingLabs Report on PyPI Supply Chain Waves](https://www.reversinglabs.com/blog/mini-shai-hulud-hades-miasma-comparison)