← All articles

Miasma worm hits 73 Microsoft GitHub repos, targets AI coding tools

The self-spreading Miasma worm, a variant of the Shai-Hulud malware linked to the group TeamPCP, has reached Microsoft's own code. Using a stolen access token, attackers pushed a malicious commit into the Azure durabletask repository, and GitHub disabled 73 repositories across four Microsoft organizations including Azure and MicrosoftDocs. The twist: the planted code runs automatically when a developer opens the project in an AI coding assistant like Claude Code, Cursor, Gemini CLI, or VS Code, then harvests cloud and developer credentials and uses them to infect more projects. It hides the trigger inside a build file (binding.gyp) that most security tools ignore.

Check
Search your GitHub orgs for commits, public repos, or build files matching Miasma naming patterns, and review AI coding agent configs (binding.gyp, agent rules) for unexpected auto-run payloads.
Affected
Organizations using npm, PyPI, or GitHub alongside AI coding assistants (Claude Code, Cursor, Gemini CLI, VS Code). Stolen maintainer tokens enable backdoored package and repo publishing.
Fix
Rotate GitHub, npm, and cloud credentials exposed to affected projects. Remove malicious commits and configs, enforce 2FA and short-lived tokens, and block install-time scripts in CI.