The Miasma worm has compromised 73 Microsoft GitHub repositories, including key Azure infrastructure. This self-replicating malware was spread through AI coding tools, stealing cloud credentials from developers. The attack began after compromising a Red Hat employee's GitHub account, leading to the injection of malicious code into internal repos. Unlike previous versions, Miasma employs unique encryption for each payload, making it difficult to detect.
It not only targets local secrets but also aggressively harvests cloud identities. A prior breach involving the Durable Task SDK raises concerns about the effectiveness of Microsoft’s remediation efforts. Organizations are advised to rotate potentially exposed credentials and check for suspicious activity.