The cybersecurity landscape faced another significant setback last week when dozens of cryptographically verified open-source packages from Microsoft were compromised. Malicious code designed to steal credentials was detected; it was triggered specifically when developers interacted with these packages using AI coding agents.
Malicious Packages Identified
Researchers have flagged 73 packages as having malicious intent after they were automatically blocked by GitHub’s security systems. In a somewhat concerning response, GitHub, owned by Microsoft, labeled the incident as a “violation of GitHub’s terms of service,” advising the package owners to reach out for further guidance rather than openly acknowledging the malicious nature of the compromised software.
Assuming Compromise
Only on Monday did Microsoft acknowledge the potential infection of the packages. An email communication stated: “We have temporarily removed some repositories as we investigate potential malicious content.” Developers are encouraged to assume that their systems may be compromised if they interacted with these packages.
This incident marks the second supply-chain attack targeting Microsoft’s repositories within the last few months. Notably, in May, StepSecurity highlighted a compromise involving Microsoft’s durabletask Python SDK on PyPI, a framework crucial for orchestrating fault-tolerant workflows, which garners around 400,000 downloads monthly.
How the Attack Was Executed
The malicious packages executed a 28 KB payload that was adept at stealing credentials from various services, including AWS, Azure, Google Cloud Platform, Kubernetes, password managers, and more than 90 developer tool configurations. The attack was executed by a threat actor identified as TeamPCP, who exploited Microsoft’s own credentials to publish the compromised durabletask package. Publishing under the legitimate publisher’s credentials enables attackers to bypass standard security protocols effectively.
The malware responsible for these attacks is known as Miasma. This tool is essentially a replica of TeamPCP’s Mini Shai-Hulud toolkit, which had been recently open-sourced. According to security experts at Cloudsmith, the malware efficiently harvests OpenID Connect (OIDC) token credentials, which are vital for supply-chain integrity assurance, i.e., ensuring that software artifacts are authentic and have not been tampered with.
Similar to the earlier incident with the durabletask SDK, the recent compromise leveraged the inherent functionality of Microsoft’s repositories to obtain legitimate OIDC tokens. This tactic was also previously employed in a broader-scale supply-chain attack that tainted numerous packages within the Red Hat ecosystem.
As the frequency of these attacks rises, meticulous vigilance is essential for developers working in the ecosystem. Regularly updating security measures and maintaining awareness of potential vulnerabilities can help mitigate the risks posed by such evolving threats.
Image Credit: arstechnica.com






