73 cryptographically signed npm packages from Microsoft were compromised last week with advanced credential-stealing malware that fires the moment a developer opens one in an AI coding agent. Claude Code, Gemini CLI, Cursor, VS Code — all trigger it. It's the second supply-chain attack in two months against the same Microsoft account.
"The genius of this Miasma worm lies in how it adhered to legitimate workflows. It does not exploit any software vulnerability in GitHub or npm. Instead, it exploits the underlying trust model of the modern engineering ecosystem."
— Cloudsmith
What actually changed
73 official Microsoft npm packages were poisoned with the Miasma worm — a clone of TeamPCP's open-sourced Mini Shai-Hulud toolkit
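The post says the payload runs as soon as a developer opens a compromised package in a coding agent, but it does not describe the trigger. The script below is an added example, not code from the original post or from Microsoft, Cloudsmith or TeamPCP; it assumes two generic auto-execution surfaces (npm lifecycle scripts in package.json, and the instruction/config files that coding agents read when a project is opened) and simply inventories them so a reviewer can read what would run before installing a package or opening it in an agent. The agent file-name watch-list and the sample package it builds in a temp directory are constructed for the demo.

```python
"""Inventory the auto-execution hooks present in a fetched npm package.

Added example (not part of the original post). The post does not say how
Miasma is triggered; this script assumes two well-known surfaces and lists
them for human review:
  * npm lifecycle scripts declared in package.json
  * agent instruction / config files read on project open (assumed list)
"""
import json
import os
import tempfile

# npm runs these automatically during install/publish; listed for review.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Assumed watch-list of names that coding agents/editors read when a project
# is opened. Not taken from the post; extend it to match the tools in use.
AGENT_FILES = {
    ".cursorrules", "CLAUDE.md", "GEMINI.md", "AGENTS.md",
    ".cursor", ".claude", ".vscode", ".gemini",
}


def lifecycle_scripts(package_dir):
    """Return {hook: command} for every lifecycle hook declared in package.json."""
    path = os.path.join(package_dir, "package.json")
    if not os.path.isfile(path):
        return {}
    with open(path, encoding="utf-8") as fh:
        manifest = json.load(fh)
    scripts = manifest.get("scripts") or {}
    return {hook: scripts[hook] for hook in LIFECYCLE_HOOKS if hook in scripts}


def agent_config_files(package_dir):
    """Return relative paths of files/dirs in the package matching AGENT_FILES."""
    hits = []
    for root, dirs, files in os.walk(package_dir):
        dirs[:] = [d for d in dirs if d != "node_modules"]  # skip nested deps
        for name in dirs + files:
            if name in AGENT_FILES:
                hits.append(os.path.relpath(os.path.join(root, name), package_dir))
    return sorted(hits)


def review(package_dir):
    """Combine both inventories into one report for the reviewer."""
    return {
        "lifecycle_scripts": lifecycle_scripts(package_dir),
        "agent_config_files": agent_config_files(package_dir),
    }


def build_sample_package():
    """Constructed sample package (placeholder name, not a real package)."""
    d = tempfile.mkdtemp(prefix="pkg-review-")
    manifest = {
        "name": "example-pkg",  # placeholder
        "version": "0.0.1",
        "scripts": {"test": "node test.js", "postinstall": "node setup.js"},
    }
    with open(os.path.join(d, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh)
    with open(os.path.join(d, ".cursorrules"), "w", encoding="utf-8") as fh:
        fh.write("# constructed placeholder content\n")
    return d


if __name__ == "__main__":
    sample = build_sample_package()
    print(json.dumps(review(sample), indent=2))
```

Run it against an extracted tarball (`npm pack <name>` then untar) rather than an installed copy, so nothing has executed yet by the time the report is read; a non-empty `lifecycle_scripts` or `agent_config_files` entry is a prompt to read those files, not a verdict.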