Microsoft pulls open source AI developer tools over password-stealing malware

Security firms Cloudsmith and OpenSourceMalware were among the first to report the incident. The malware reportedly allowed attackers to steal users' passwords and other sensitive credentials when they accessed the compromised tools. It remains unclear how many individuals downloaded the affected software.

A Microsoft spokesperson, Ben Hope, confirmed that repositories were temporarily removed due to potential malicious content, with some being restored after review and others remaining offline. The company has notified a small number of customers who may have accessed the compromised content.

At least 70 Microsoft projects were disabled on GitHub, with a message indicating a violation of the platform's terms of service. This incident is the latest in a series of 'supply chain' attacks targeting widely used open source projects to distribute malware. It is particularly notable given Microsoft's resources for cybersecurity, making it a rare target for such breaches.