For the second time in weeks, malicious packages designed to steal credentials have been found on Microsoft repositories. Researchers discovered 73 packages that execute a self-replicating credential stealer as soon as an AI agent opens them. The attack exploits the trust of automated development tools, spreading faster than traditional malware.
How the Attack Works
The infected packages activate when an AI-based system, such as a coding assistant or deployment agent, attempts to use them. The malware harvests login credentials, API tokens, and private keys, compromising entire development environments. This approach is particularly dangerous because it leverages the inherent trust AI agents place in public packages.
Supply Chain Security Under Threat
The recurrence of such incidents highlights structural weaknesses in software distribution. Package repositories like npm, PyPI, and now Microsoft channels become attack vectors for anyone using AI-assisted development tools. A recent attack exploiting WhatsApp via NSO Group (covered in our article) demonstrates the broader trend of targeted data theft.
What This Means for Developers
As AI agents become integral to software development, companies must adopt stricter security measures. Automated package scanning, digital signature verification, and developer training are essential. The self-replicating credential stealer signals a new era of supply chain attacks aimed at poisoning the data and repositories that AI relies on.
For the full technical report, see the original analysis on Ars Technica.