Miasma worm hits Microsoft GitHub repositories
Microsoft temporarily disabled repositories after reports of Miasma worm activity targeting developer IDE and AI coding tool workflows.
Published
Jul 01, 2026Duration
4 min readRisk Level
High SeverityIntel Tags
Why it matters
Miasma is a reminder that supply-chain defense cannot stop at package registries. Reporting from StepSecurity, ThreatLocker, and The Hacker News describes a campaign in which repository configuration itself became the execution path. That matters for teams adopting AI coding tools because a repository can carry tool hooks, workspace tasks, and prompt-like rules that execute or steer behavior before a developer has reviewed the code. The practical defender lesson is simple: treat cloned repositories, editor configuration, and AI-agent startup hooks as part of the software supply chain.
What happened
The Hacker News reported that Microsoft repositories were affected by the Miasma self-replicating supply-chain campaign, citing 73 repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs. StepSecurity reported that, on June 5, a previously compromised contributor account pushed a malicious commit to Azure/durabletask and that GitHub disabled 73 repositories across four Microsoft organizations. Microsoft told The Hacker News that some repositories were temporarily removed while potential malicious content was investigated. ThreatLocker separately described the same repository-centered compromise pattern and Microsoft-owned repository disruption.
Technical details
StepSecurity’s analysis says the malicious Azure/durabletask commit did not change normal source code. Instead, it introduced configuration and setup files aimed at developer environments: Claude Code and Gemini CLI session hooks, Cursor rules, a VS Code folder-open task, and a large obfuscated JavaScript setup file. The effect was a move from “execute when installed” to “execute when opened,” where an IDE or AI coding assistant could trigger the payload as part of project setup. Public reporting connects this activity to the earlier durabletask PyPI compromise, but the strongest safe conclusion is that repository credentials and developer-tool trust boundaries were central to the incident.
Defender actions
Teams that cloned or opened affected repositories during the window described by StepSecurity should rotate GitHub, cloud, package-registry, and developer-tool credentials exposed on those systems. Review repository-level files such as .vscode/tasks.json, .claude/settings.json, .gemini/settings.json, Cursor rules, and hidden setup scripts before opening unfamiliar projects in an IDE or AI assistant. Disable automatic folder-open task execution where possible, add detection for unexpected editor hook files in code review, and isolate investigation of suspicious repositories in disposable environments. For CI/CD, confirm that workflows depending on affected Microsoft repositories or actions are pinned, available, and sourced from restored trusted revisions before redeployment.