A supply chain worm called Miasma compromised 73 Microsoft GitHub repositories without exploiting a single vulnerability — just stolen credentials and weaponised AI coding agents. This is the first documented case of malware using Claude Code, Gemini CLI, and VS Code as an execution trigger.
Seventy-three Microsoft GitHub repositories were compromised last week by a supply chain worm called Miasma, and the detail that matters most is this: it didn't exploit a single vulnerability to do it. Miasma is a variant of Mini Shai-Hulud, a worm first deployed by a threat group called TeamPCP in May.
The worm's propagation method is worth understanding clearly. Miasma deployed a 4.3-megabyte payload runner directly into infected repositories, including mantine-datatable and related projects, bypassing the npm registry entirely.
The durabletask connection raises a harder question. TeamPCP compromised that same package in May.
What's unresolved is material. The full scope of compromised credentials isn't confirmed.
Zoom out and the pattern is harder to dismiss. Across npm and GitHub in recent weeks, roughly ninety-five repositories have been compromised in connected campaigns.
The near-term watchpoints are specific. Confirm whether durabletask and mantine packages in your dependency tree were pulled before the takedown.
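One way to start that dependency-tree check on an npm project, as an added example that is not part of the original episode: it scans a `package-lock.json` (lockfileVersion 2 or 3) for package names containing `durabletask` or `mantine` and reports whether each was resolved from the registry or from a git URL, since the payload was placed in repositories rather than published through the registry. The sample lockfile, its package names, versions and URLs are constructed, and matching by name substring is an assumption.

```javascript
// Added example, not from the page. WATCHLIST holds the two names the page mentions;
// the sample lockfile is constructed (placeholder versions, org and commit hash).
const WATCHLIST = ["durabletask", "mantine"];
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/mantine-datatable": {
      version: "0.0.0-placeholder",
      resolved: "git+ssh://git@github.com/example-org/mantine-datatable.git#" + "0".repeat(40),
    },
    "node_modules/durabletask-example": {
      version: "0.0.0-placeholder",
      resolved: "https://registry.npmjs.org/durabletask-example/-/durabletask-example-0.0.0.tgz",
    },
    "node_modules/a/node_modules/@example/mantine-kit": { version: "0.0.0-placeholder" },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
  },
});

// "node_modules/a/node_modules/@scope/pkg" -> "@scope/pkg"; the root entry ("") has no name.
function packageName(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? null : key.slice(i + "node_modules/".length);
}

// Classify where the installer fetched an entry from, based on its "resolved" URL.
function classifySource(resolved) {
  if (!resolved) return "unknown"; // bundled or linked entries carry no URL
  if (/^(git\+|git:|github:)/.test(resolved) || /^https:\/\/codeload\.github\.com\//.test(resolved)) return "git";
  if (resolved.startsWith("https://registry.npmjs.org/")) return "registry";
  return "other";
}

// Return every locked package whose name contains a watchlist term, git-sourced first.
function auditLockfile(lockText, watchlist = WATCHLIST) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) throw new Error("no 'packages' map: lockfileVersion 1 is not handled here");
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = packageName(path);
    if (!name || !watchlist.some((term) => name.toLowerCase().includes(term))) continue;
    hits.push({ name, path, version: meta.version ?? null, source: classifySource(meta.resolved) });
  }
  const rank = { git: 0, other: 1, unknown: 2, registry: 3 };
  return hits.sort((a, b) => rank[a.source] - rank[b.source] || a.name.localeCompare(b.name));
}
for (const h of auditLockfile(SAMPLE_LOCK)) console.log(`${h.source.padEnd(8)} ${h.name}@${h.version}  (${h.path})`);
```

A lockfile records what was resolved, not when, so the lockfile's commit history still has to be compared against the takedown date, which is not given here.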
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.