Andrew Weir

Miasma Worm affects over 70 Microsoft Repositories

GitHub disabled 73 Microsoft repositories on June 5, 2026 at 16:00 UTC after they were compromised by the Miasma worm. Miasma is a derivative of the recently prolific Shai-Hulud worm, which has caused a spate of supply chain compromises.

Miasma harvests credentials, keys, and tokens from any environment that pulled from affected repositories.

A UML diagram showing how a Miasma compromise occurs.

  1. The malicious actor acquires developer or CI/CD access (compromised credentials).
  2. The malicious actor pushes the worm (which starts as an obfuscated index.js).
  3. A developer or CI/CD tool pulls the worm from the repository.
  4. The developer or CI/CD tool opens the repo in an IDE that executes the payload, uses tooling that does, or runs npm install.
  5. Miasma scans the machine it was executed on for credential-like strings, keys, access tokens, etc.
  6. Miasma exfiltrates these tokens to dead-drop repositories: short-lived, oddly named repositories from which the malicious actor collects them at a later point.
  7. Miasma replicates into any repositories on the host machine and commits itself.
  8. A new victim later pulls from those repositories, and the chain repeats from step 3.

You may be affected if any machine or CI/CD pipeline cloned or pulled from one of the 73 repositories at any point before June 5, 2026 16:00 UTC, potentially up to three days before. One of the headline talking points is that GitHub disabled the repos within 105 seconds, but that doesn't mean users weren't at risk prior to this.

To check whether your credentials are potentially compromised, look for the following:

  • CI/CD logs and git histories showing clones or pulls from any of the affected repos (listed below);
  • oddly named repositories created by CI tokens (e.g. `nemean-hydra-XXXXX`);
  • unexpected files added to `.vscode/`, `.cursor/`, or `.claude/` directories in any affected repo;
  • any developer who opened an affected repo locally in VS Code, Cursor, or a similar AI-assisted IDE.
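The checks just listed, and the replication step in the chain described earlier (the worm committing itself into repositories on the host), can be scripted. The following is an added example, not code from the original report or from any of the sources it cites: it matches GitHub URLs in CI log lines against a subset of the affected repositories, flags repository names that follow the `nemean-hydra-XXXXX` dead-drop pattern, and parses `git log --format=%H --name-status` output for files landing in `.vscode/`, `.cursor/` or `.claude/` that are not on an allowlist. The log lines, commit hashes and file names are constructed; the allowlist of expected IDE files and the dead-drop suffix character set are assumptions.

```python
"""Triage helpers for the Miasma indicators described in this report.

Added example, not code from the original report. Affected repository names and
the nemean-hydra-XXXXX dead-drop naming come from the report; the CI log lines
and git output below are constructed samples, and the allowlist of expected IDE
files is an assumption you should adjust to your own repositories.
"""
import re
from typing import List, Optional, Tuple

# Subset of the disabled repositories listed in this report, as lowercase org/name.
# Extend with the full list of 73 before running against real logs.
AFFECTED = {
    "azure/azure-functions-core-tools",
    "azure/azure-functions-nodejs-worker",
    "azure/durabletask",
    "azure/sonic-gnmi.msft",
    "microsoft/durabletask-js",
    "azure-samples/rag-postgres-openai-python",
    "microsoftdocs/windows-driver-docs",
}

# Dead-drop naming from the report (nemean-hydra-XXXXX). The suffix character set
# and open-ended length are assumptions chosen to err on the side of matching.
DEAD_DROP_RE = re.compile(r"^nemean-hydra-[A-Za-z0-9]+$")

# IDE / AI-agent config directories the report says the worm writes into.
AGENT_DIRS = (".vscode/", ".cursor/", ".claude/")

# Files a team normally keeps in those directories (assumption; tune per repo).
EXPECTED_AGENT_FILES = {
    ".vscode/settings.json",
    ".vscode/extensions.json",
    ".vscode/launch.json",
    ".vscode/tasks.json",
}

GITHUB_URL_RE = re.compile(r"(?:https?://|git@)github\.com[:/][^\s'\"]+")
# org and repo, optional .git suffix, optional trailing path such as /tree/main
REMOTE_RE = re.compile(r"github\.com[:/]([^/\s]+)/([^/\s]+?)(?:\.git)?(?:[/?#].*)?$")


def normalize_remote(url: str) -> Optional[str]:
    """Reduce an HTTPS or SSH GitHub URL to lowercase 'org/repo' (None if not GitHub)."""
    m = REMOTE_RE.search(url.strip())
    if not m:
        return None
    return f"{m.group(1)}/{m.group(2)}".lower()


def affected_pulls(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, org/repo) for each log line referencing an affected repo."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for url in GITHUB_URL_RE.findall(line):
            repo = normalize_remote(url)
            if repo in AFFECTED:
                hits.append((n, repo))
    return hits


def suspicious_repo_names(names: List[str]) -> List[str]:
    """Flag repository names that follow the dead-drop pattern."""
    return [n for n in names if DEAD_DROP_RE.match(n)]


def unexpected_agent_files(name_status_output: str) -> List[Tuple[Optional[str], str, str]]:
    """Parse `git log --format=%H --name-status` output and return (commit, status, path)
    for files added/modified/copied/renamed into an agent dir that are not allowlisted."""
    findings = []
    commit = None
    for line in name_status_output.splitlines():
        stripped = line.strip()
        if re.fullmatch(r"[0-9a-f]{7,40}", stripped):
            commit = stripped  # commit header line
            continue
        m = re.match(r"^([AMRC]\d*)\t(.+)$", line)
        if not m:
            continue  # blank lines, deletions (D) and anything else
        path = m.group(2).split("\t")[-1]  # renames/copies list old<TAB>new; keep new
        if path.startswith(AGENT_DIRS) and path not in EXPECTED_AGENT_FILES:
            findings.append((commit, m.group(1)[0], path))
    return findings


# Constructed CI log excerpt (not real data).
SAMPLE_CI_LOG = """\
2026-06-04T09:12:01Z runner: git clone https://github.com/Azure/azure-functions-core-tools.git
2026-06-04T09:12:05Z runner: git clone git@github.com:example-org/internal-service.git
2026-06-05T11:41:03Z runner: fetching https://github.com/microsoft/durabletask-js/tree/main
"""

# Constructed `git log --format=%H --name-status` output (not real commits or files).
SAMPLE_GIT_LOG = """\
a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0
M	src/app.ts
M	.vscode/settings.json

0f1e2d3c4b5a6978877665544332211000ffeedd
A	.cursor/rules/bootstrap.mdc
A	.claude/settings.json
R100	.vscode/old-tasks.json	.vscode/tasks.json
"""

if __name__ == "__main__":
    for n, repo in affected_pulls(SAMPLE_CI_LOG.splitlines()):
        print(f"CI log line {n}: pulled affected repo {repo}")
    for commit, status, path in unexpected_agent_files(SAMPLE_GIT_LOG):
        print(f"commit {(commit or '?')[:12]}: {status} {path}")
```

To run this against real data, feed each cloned repository's `git log --format=%H --name-status` into `unexpected_agent_files` and your CI job logs into `affected_pulls`, after extending `AFFECTED` with all 73 names and the allowlist with whatever your team actually commits. A `github:` shorthand dependency spec in a package.json is not matched by the URL regex, so check lockfiles separately.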

If any of the above are confirmed, or if you cannot rule them out, my advice is to rotate all cloud credentials (AWS, Azure, GCP), regenerate GitHub PATs and npm tokens, and rotate SSH keys, HashiCorp Vault tokens, Kubernetes service account tokens, and any secrets held in `.env` files. If in doubt, rotate anyway.

Affected machines should be reformatted out of an abundance of caution, particularly CI runners. For developer workstations, where reformatting is disruptive, it should still be done unless a clean forensic investigation can confirm that no payload executed.

List of disabled repos by GitHub

Note: These repositories were disabled as a precaution, without confirmation that they were hosting Miasma.

Azure (49)

azure-functions-agents-runtime          azure-functions-connector-extension
azure-functions-core-tools              azure-functions-docker
azure-functions-dotnet-extensions       azure-functions-dotnet-worker
azure-functions-durable-extension       azure-functions-durable-js
azure-functions-durable-powershell      azure-functions-durable-python
azure-functions-extension-bundles       azure-functions-golang-worker
azure-functions-host                    azure-functions-java-library
azure-functions-java-worker             azure-functions-kafka-extension
azure-functions-language-worker-protobuf azure-functions-mcp-extension
azure-functions-nodejs-e2e-tests        azure-functions-nodejs-library
azure-functions-nodejs-opentelemetry    azure-functions-nodejs-worker
azure-functions-openai-extension        azure-functions-powershell-library
azure-functions-powershell-opentelemetry azure-functions-powershell-worker
azure-functions-python-extensions       azure-functions-python-library
azure-functions-python-worker           azure-functions-rabbitmq-extension
azure-functions-skills                  azure-functions-sql-extension
azure-functions-templates               azure-functions-tooling-feed
azure-functions-vs-build-sdk            azure-webjobs-sdk
azure-webjobs-sdk-extensions            azure-websites-security
checkaccess-v2-go-sdk                   Connectors-NET-LSP
Connectors-NET-Samples                  Connectors-NET-SDK
Connectors-NodeJS-SDK                   connectors-python-sdk
durabletask                             functions-action
functions-container-action              homebrew-functions
sonic-gnmi.msft

microsoft (10)

DurableFunctionsMonitor    durabletask-dotnet     durabletask-go
durabletask-java           durabletask-js         durabletask-mssql
durabletask-netherite      durabletask-protobuf
Microsoft-Performance-Tools-Apple                 secure-azureai-agent

Azure-Samples (13)

azure-ai-content-understanding-python   azure-container-apps-multi-agent-workflow
azure-container-apps-sandboxes          azure-functions-java-flex-consumption-azd
azure-functions-nodejs-opentelemetry-samples
azure-search-openai-demo-purviewdatasecurity
functions-connectors-python             functions-connectors-typescript
llm-fine-tuning                         openai-chat-app-entra-auth-builtin
openai-chat-app-entra-auth-local        rag-postgres-openai-python
tutor

MicrosoftDocs (1)

windows-driver-docs

Sources and discussion for this report:

  • https://www.herodevs.com/blog-posts/miasma-npm-worm-steals-cloud-creds-and-hijacks-ci-cd
  • https://safedep.io/miasma-worm-ai-coding-agent-config-injection/
  • https://opensourcemalware.com/blog/miasma-reaches-azure
  • https://thecybersecguru.com/news/miasma-worm-targets-ai-coding-agents-github-microsoft/
  • https://www.reddit.com/r/AZURE/comments/1txsbrw/emerging_microsoft_codebases_compromised_by/