
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

Severity: Medium
Published: Tue Jun 09 2026 (06/09/2026, 09:22:19 UTC)
Source: Reddit Cybersecurity

Description

The Hades PyPI attack is a supply chain malware campaign that compromised 19 Python packages on the PyPI registry. The malicious packages ship a .pth file that the Python interpreter processes automatically at startup; the hook downloads the Bun JavaScript runtime and uses it to run an obfuscated credential-stealing payload. The payload targets a wide range of developer secrets from cloud services, CI/CD platforms, and local configuration files. The campaign is part of the ongoing Shai-Hulud / Miasma lineage of attacks and uses new persistence and evasion techniques, including prompt injection aimed at LLM-based package analysis and locale-based targeting. No official patch or remediation guidance is provided in the source content.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 06/09/2026, 09:25:42 UTC

Technical Analysis

The Hades campaign is a supply chain attack involving 37 malicious wheel artifacts across 19 PyPI packages. Each compromised wheel installs a *-setup.pth file into site-packages. CPython's site module reads every .pth file in site-packages when the interpreter starts and passes any line that begins with "import" to exec(), so the hook runs on every Python start after installation, whether or not the package itself is ever imported. That line downloads the Bun JavaScript runtime and uses it to run an obfuscated JavaScript stealer.

The stealer harvests a broad set of developer and CI/CD credentials, including tokens and configuration files for GitHub, npm, PyPI, cloud providers, and container platforms.

The campaign is a variant of the Shai-Hulud / Miasma malware lineage, distinguished by new persistence mechanisms and by evasion aimed at automated review: the packages carry prompt-injection text intended to make LLM-based package analysis tools judge them benign. The malware does not run on systems with a Russian locale, and it attempts lateral movement and further propagation through the developer environments it compromises.

A subset of the campaign targets computational biology-related packages with a different infection vector embedded in __init__.py, which executes when the package is imported rather than at interpreter startup.

The campaign demonstrates how a trusted package registry can be used to get code executed automatically on a developer's machine after a routine install, with no explicit invocation by the user.
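The .pth mechanism above is the whole persistence trick, so it is worth seeing both halves of it: that site.py really does exec() an import line without anything being imported, and how to find such files on a host. The following is an added example written for this report; it is not code from the source, from the campaign, or from any vendor tool. The sample site-packages directory, the package name "hypotheticalpkg" and the "loader.js" command are constructed placeholders, and the scanner only reads them. The startup-execution proof uses a harmless environment marker instead of a payload.

```python
import os
import site
import tempfile
from pathlib import Path

# Added example for this report; not code from the source, the campaign, or any
# vendor tool. CPython's site module reads every *.pth file in a site-packages
# directory at interpreter startup. A line beginning with "import " (or
# "import\t") is handed to exec(); any other line is treated as a path to
# append to sys.path. That is the hook described above: the payload runs on
# every interpreter start after installation without the package being imported.

EXEC_PREFIXES = ("import ", "import\t")


def executable_pth_lines(pth_path):
    """Return (line_number, text) for each line site.py would exec()."""
    hits = []
    with open(pth_path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.rstrip("\n")
            if line.startswith(EXEC_PREFIXES):
                hits.append((lineno, line))
    return hits


def scan_site_dirs(site_dirs):
    """List .pth files under the given directories that carry executable lines.

    A hit is not proof of compromise: setuptools ships distutils-precedence.pth,
    which legitimately uses an import line. Each hit needs a human look.
    """
    findings = []
    for site_dir in site_dirs:
        for pth in sorted(Path(site_dir).glob("*.pth")):
            exec_lines = executable_pth_lines(pth)
            if exec_lines:
                findings.append({
                    "name": pth.name,
                    "file": str(pth),
                    "exec_lines": exec_lines,
                    # File-name pattern reported for the Hades wheels.
                    "matches_setup_pattern": pth.name.endswith("-setup.pth"),
                })
    return findings


def build_sample_site_dir():
    """Constructed site-packages directory for the demo; nothing here is executed."""
    site_dir = tempfile.mkdtemp(prefix="pth-scan-demo-")
    # Ordinary .pth use: a path entry, no code.
    Path(site_dir, "somelib.pth").write_text("somelib-1.0\n")
    # Benign import line in the style of setuptools' distutils-precedence.pth.
    Path(site_dir, "distutils-precedence.pth").write_text(
        "import os; os.environ.setdefault('SETUPTOOLS_USE_DISTUTILS', 'local')\n")
    # Stand-in for the reported hook (hypothetical package name, placeholder
    # command); the scanner only reads it.
    Path(site_dir, "hypotheticalpkg-setup.pth").write_text(
        "import subprocess; subprocess.Popen(['bun', 'loader.js'])\n")
    return site_dir


def prove_startup_execution():
    """Show that site.addsitedir(), the same routine startup uses, exec()s an
    import line. A harmless environment marker stands in for a payload."""
    marker = "PTH_DEMO_EXECUTED"
    os.environ.pop(marker, None)
    site_dir = tempfile.mkdtemp(prefix="pth-exec-demo-")
    Path(site_dir, "demo-setup.pth").write_text(
        f"import os; os.environ['{marker}'] = '1'\n")
    site.addsitedir(site_dir)
    return os.environ.get(marker) == "1"


if __name__ == "__main__":
    dirs = [build_sample_site_dir()] + site.getsitepackages() + [site.getusersitepackages()]
    for hit in scan_site_dirs(dirs):
        flag = "SETUP-PATTERN " if hit["matches_setup_pattern"] else ""
        print(f"{flag}{hit['file']}")
        for lineno, text in hit["exec_lines"]:
            print(f"    line {lineno}: {text}")
    print("startup exec demonstrated:", prove_startup_execution())
```

Run it under each interpreter and virtual environment on the host, not just the system Python: every environment has its own site-packages and its own .pth files. Anything matching *-setup.pth, or any import line that spawns a process or touches the network, deserves a manual read of the file; the legitimate setuptools entry is the expected false positive.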

Potential Impact

The attack results in the theft of a wide range of sensitive developer credentials and secrets, including tokens and keys for GitHub, npm, PyPI, cloud platforms (AWS, GCP, Azure), Kubernetes, Docker, Vault, and CI/CD systems. This can lead to unauthorized access to developer environments, source code repositories, cloud infrastructure, and continuous integration pipelines. The malware also installs a destructive wiper service that deletes user data if stolen GitHub tokens are revoked. The campaign enables lateral movement within developer networks and propagation of trojanized packages, increasing the risk of widespread compromise in affected ecosystems.

Mitigation Recommendations

No official fix or patch information is provided in the source content, and because this is malware published to a registry rather than a vulnerability in a product, there is no vendor patch to wait for: the named packages are malicious and should be removed, not merely avoided until further notice. On any host or CI runner that installed one of them, uninstall the package and delete any leftover *-setup.pth file from site-packages, since site.py re-executes the hook on every interpreter start for as long as that file exists; then treat the host as compromised. Revoke and reissue the GitHub, npm, PyPI, cloud, Kubernetes, Docker, Vault and CI/CD credentials reachable from that host rather than waiting for signs of misuse, but isolate the machine and preserve a copy of user data first, because the report states that the resident wiper deletes user data when stolen GitHub tokens are revoked. Monitor GitHub token activity and watch for unexpected releases of your own packages, which is how this lineage propagates. Harden the install path: pin dependencies with hashes (pip install --require-hashes), install from an internal mirror or allowlist rather than directly from PyPI, and review any .pth file that contains an import line. Given the prompt-injection evasion, do not rely on an LLM-based package scanner as the only control; combine it with static checks and behavioural monitoring of installs.
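Scoping the credential rotation is the step that most often gets done by guesswork. The following added example, written for this report and not taken from the source or from any vendor, inventories the default on-disk credential stores for the services the report names (the paths are each tool's documented defaults; the campaign's actual file list is not given, so the table is a starting checklist, not an exhaustive one), flags loose permission bits, and checks whether each file's access time falls after a chosen timestamp such as the mtime of the dropped .pth file. The sample home directory and its placeholder secrets are constructed for the demo.

```python
import os
import stat
import tempfile
from pathlib import Path

# Added example for this report; not code from the source or from any vendor.
# Default on-disk locations of the credential stores the report names. The
# campaign's actual file list is not given, so this is a starting checklist for
# scoping rotation on a host that installed one of the packages.
SECRET_STORES = {
    "GitHub CLI token": ".config/gh/hosts.yml",
    "git credential store": ".git-credentials",
    "npm auth token": ".npmrc",
    "PyPI upload token": ".pypirc",
    "AWS credentials": ".aws/credentials",
    "GCP application default credentials": ".config/gcloud/application_default_credentials.json",
    "Azure CLI token cache": ".azure/msal_token_cache.json",
    "Kubernetes config": ".kube/config",
    "Docker registry auth": ".docker/config.json",
    "Vault token": ".vault-token",
}


def inventory_secret_stores(home, since=None):
    """Report which stores exist under `home`, their permission bits, and whether
    their access time is at or after `since` (a Unix timestamp, e.g. the mtime
    of the dropped *-setup.pth file).

    Caveat: with the relatime mount option atime is only refreshed when it is
    older than mtime or older than a day, so accessed_since=False is not proof
    the file was left alone; accessed_since=True is still a useful lead.
    """
    home = Path(home)
    results = []
    for label, rel in SECRET_STORES.items():
        path = home / rel
        entry = {"label": label, "path": str(path), "exists": path.is_file()}
        if entry["exists"]:
            st = path.stat()
            entry["mode"] = oct(stat.S_IMODE(st.st_mode))
            entry["group_or_world_readable"] = bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH))
            entry["accessed_since"] = since is not None and st.st_atime >= since
        results.append(entry)
    return results


def rotation_checklist(results):
    """Every store that exists holds a credential that must be revoked and reissued."""
    return [r["label"] for r in results if r["exists"]]


def build_sample_home():
    """Constructed home directory with placeholder secrets for the demo."""
    home = tempfile.mkdtemp(prefix="home-demo-")
    npmrc = Path(home, ".npmrc")
    npmrc.write_text("//registry.npmjs.org/:_authToken=npm_PLACEHOLDER\n")
    os.chmod(npmrc, 0o644)  # group/world readable: a finding on its own
    aws_dir = Path(home, ".aws")
    aws_dir.mkdir()
    creds = aws_dir / "credentials"
    creds.write_text("[default]\naws_access_key_id = AKIAPLACEHOLDER\n"
                     "aws_secret_access_key = PLACEHOLDER\n")
    os.chmod(creds, 0o600)
    # Pretend this file was read well after it was last written.
    os.utime(creds, (2_000_000_000, 1_900_000_000))  # (atime, mtime)
    return home


if __name__ == "__main__":
    home = build_sample_home()
    results = inventory_secret_stores(home, since=1_950_000_000)
    for r in results:
        if r["exists"]:
            print(f"{r['label']}: {r['path']} mode={r['mode']} "
                  f"loose_perms={r['group_or_world_readable']} "
                  f"accessed_since={r['accessed_since']}")
    print("rotate:", rotation_checklist(results))
```

On a real host run it as the affected user with home=Path.home() and since set to the install time of the malicious wheel; do it before revoking anything, because of the wiper behaviour noted above, and run it on CI runners and containers that installed the packages as well, since those carry the same files under their own home directories.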


Technical Details

Source Type: reddit
Subreddit: cybersecurity
Reddit Score: 0
Discussion Level: minimal
Content Source: reddit_link_post
Post Type: link
Domain: null
Newsworthiness Assessment: {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source: true
Trusted Domain: false

Threat ID: 6a27dc0e8dd33fbd850bcda0

Added to database: 6/9/2026, 9:25:34 AM

Last enriched: 6/9/2026, 9:25:42 AM

Last updated: 6/9/2026, 2:24:39 PM

Views: 8

