Idan Kuna Amfani da Claude Ko Gemini, Wannan Keta na Microsoft Yana Nufin Bayanan Ku na Cikin Hatsari

Wani hari na sarkar samarwa mai matukar inganci da aka sani da Miasma worm ya yi nasarar yin awon gaba da ma’ajiyar GitHub na Microsoft da dama, yana tura malware da aka tsara musamman don fashewa a cikin mataimakan coding na AI kamar Claude Code, Gemini CLI, Cursor, da VS Code.

A ranar 5 ga Yuni, 2026, GitHub aka tilasta musu kashe ma’ajiyoyi 73 a cikin ƙungiyoyin Microsoft guda huɗu — gami da ainihin ababen more rayuwa na Azure — bayan mai ba da gudummawa na mugunta ya saka malware mai tattara bayanan sirri.

Idan kuna amfani da wakilan AI don kewaya ko rubuta code, ga abin da kuke buƙatar sani game da keta da yadda za ku kare muhallinku.

Yadda Tarko Yake Tashi

A tarihi, masu haɓakawa sun damu game da boyuwar malware a cikin rubutun zagayowar rai yayin shigar da fakiti (kamar gudanar da npm install). Miasma worm ya gabatar da sabon tsari mai haɗari: aikin yana aiwatawa kawai ta buɗe babban fayil ɗin aikin.

Maharan sun cimma wannan ta hanyar yin amfani da fayilolin daidaitawa waɗanda wakilan coding na AI ke amfani da su don fahimtar aikin. Ta hanyar ɓoye umarnin mugunta a cikin daidaitattun ƙugiyoyin saiti, malware yana yaudarar mataimakin AI don gudanar da aikin ta atomatik.

Ga yadda yake kaiwa ga takamaiman kayan aiki:

• Claude Code & Gemini CLI: Maharan sun dasa fayilolin .claude/settings.json da .gemini/settings.json na mugunta. Waɗannan sun ƙunshi ƙugiyar “SessionStart” da ke aiwatar da malware a hankali lokacin da wakilin AI ya haɗu da ma’ajiyar.
• Cursor: Allurar umarni a cikin .cursor/rules/setup.mdc tana yaudarar Cursor AI ya yarda cewa dole ne ya gudanar da malware don “fara muhallin aikin.”
• VS Code: Fayil ɗin .vscode/tasks.json da aka gyara yana aiwatar da aikin ta atomatik da zaran an buɗe babban fayil.

Abin Da Malware Ke Sata

Aikin kansa shine babban fayil ɗin JavaScript mai nauyin 4.6 MB da aka ɓoye (.github/setup.js) wanda aka gina don manufa ɗaya: satar bayanan sirri.

Da zarar wakilin AI ko IDE ɗinku ya kunna shi, malware nan take yana farautar:

• Maɓallan Cloud: Takaddun shaidar AWS, Google Cloud Platform (GCP), da Microsoft Azure.
• Sirrin Masu Haɓakawa: Sirrin Ayyukan GitHub da aka ciro kai tsaye daga ƙwaƙwalwar tsari.
• Rumbunan Kalmar sirri: Bayanan da aka buɗe daga masu sarrafa kalmar sirri kamar 1Password da gopass.
• Kayan aikin Ababen More Rayuwa: Kalmomin sirri da ke ɓoye a cikin fayilolin .env, kayan aikin Docker, da muhallin Kubernetes.

Saboda aikin yana satar ingantattun alamar OAuth da maɓallan cloud, maharan za su iya kewaya na’urar scanner na tsaro na gargajiya, yana barin tsutsar ta yadu ta hanyoyin sadarwar kamfani kuma ta buga ƙarin code na mugunta ƙarƙashin sahihan bayanan masu haɓakawa.

Yadda Za Ka Kare Kanka

Hanyar AI-agent tana buƙatar canji a yadda masu haɓakawa ke kula da code na budewa. Buɗe ma’ajiyar da ba a amince da ita ba ko ta lalace a cikin mataimakin AI yanzu tana ɗaukar haɗarin daidai da gudanar da wani abu da ba a sani ba.

Idan kwanan nan kun kwafi ko hulɗa da ma’ajiyar Microsoft ko Azure (musamman game da tsarin durabletask) ta amfani da Claude Code, Gemini CLI, ko Cursor, ɗauka cewa muhallinku na iya lalacewa.

Matakan Gaggawa

1. Bincika Kayan Aiki Masu Tuhuma: Kafin buɗe kowane ma’ajiyar waje a kayan aikin AI, bincika babban fayil don ba zato ba tsammani .claude, .gemini, .cursor, ko .vscode kundayen. Nemo “SessionStart” ƙugiyoyi da ke nuna fayilolin JavaScript ko shell da ba a sani ba.
2. Canza Takaddun Shaida: Idan kuna zargin fallasa, nan take canza Alamomin Samun dama na GitHub (PATs), maɓallan SSH, maɓallan sa hannu na CI/CD, da duk ingantattun takaddun shaida na mai bada sabis na cloud.
3. Bincika Izinin AI: Tabbatar cewa wakilan coding na AI an hana su sarai daga gudanar da rubutun farawa ta atomatik ko samun damar kundayen gida masu mahimmanci ba tare da izinin hannu ba.