A new worm called Miasma has infected 73 Microsoft repositories on GitHub, activating when a developer opens the code in AI assistants like Claude Code or Cursor. Its goal is to steal credentials from cloud services and propagate. For users, this means that if you work with these tools, your keys may be exposed without you noticing.
How the attack operates and what it exposes 🛡️
Miasma hides in seemingly legitimate code files. When opened by the AI assistant, the worm executes commands that extract tokens, API keys, and credentials from AWS, Azure, or Google Cloud. It then sends the data to a remote server and replicates itself in other repositories of the same developer. It requires no special permissions: only that the AI processes the infected file. The propagation is silent and fast.
AI helps you code, but also helps you lose your keys 🤖
It turns out that entrusting your code to an AI assistant is like asking a parrot to guard the combination to your safe: it can repeat it, but it doesn't know it shouldn't. Miasma demonstrates that these tools not only read your code, but can also be the conduit for a worm to steal your credentials. So you know: update passwords, review access, and think twice before letting AI review your repository. Or you'll end up explaining to your boss why your AWS account now has an unwanted tenant.