Microsoft's Open-Source Tools Compromised with Credential-Stealing Malware
English summary
Microsoft took down dozens of its GitHub-hosted open-source projects after a security firm discovered they had been injected with malicious code designed to steal passwords and other sensitive credentials. At least 73 projects were affected. Following a review, some projects were restored, and Microsoft notified a small number of users who had downloaded the compromised tools. This marks the second breach of Microsoft’s open-source repositories within the past month, and the company is actively investigating.
Chinese summary
微软在安全公司发现其GitHub上的多个开源项目被植入窃取密码等敏感凭证的恶意代码后,紧急下线了数十个项目。调查显示至少73个项目受到影响,部分项目审核后已恢复上线,微软通知了少量下载受影响工具的用户。这是过去一个月内微软开源仓库第二次遭到入侵,公司正展开调查。
Key points
At least 73 Microsoft open-source projects on GitHub were secretly injected with malware to steal credentials.
至少73个微软GitHub开源项目被植入窃取凭证的恶意代码。
Microsoft took down the affected projects, reviewed them, and restored some; it also notified a small number of users who downloaded them.
微软下线受影响项目、审核后恢复部分上线,并通知少量下载用户。
This is the second breach of Microsoft’s open-source repositories in the past month.
这是过去一个月内微软开源仓库第二次遭入侵。