דלג לתוכן

Hackers Sneak Malware Into Microsoft Store Again

Hackers Sneak Malware Into Microsoft Store Again

Hackers have successfully planted malicious software in Microsoft’s official package store for the second time in just a few weeks. The fake packages automatically steal usernames and passwords as soon as someone downloads them.

This latest attack is particularly clever because it targets AI systems that automatically download and test software. When these AI agents open the infected packages, the malware immediately starts copying itself and hunting for login credentials stored on the computer.

Same Trick, New Packages

Microsoft’s package repository is supposed to be a safe place for developers to share code. But hackers keep finding ways to slip malicious packages past the company’s security checks. These aren’t random attacks either – the malware is specifically designed to spread itself to other systems once it gets in.

The stolen packages look legitimate at first glance, which is how they fool both human reviewers and automated security systems. Once installed, they quietly run in the background, collecting passwords, email addresses, and other sensitive information before sending it back to the hackers.

What Happens Next

Microsoft has removed the malicious packages, but the pattern is concerning. Two successful attacks in a matter of weeks suggests that hackers have figured out a reliable way to bypass Microsoft’s defenses. The company will likely need to add stricter security measures to prevent these credential-stealing packages from appearing again.

Originally reported by
Ars Technica AI
Back to Articles
Scroll to Top