Hackers compromised 19 PyPI packages, primarily bioinformatics tools, injecting malicious code that executes upon Python startup via a .pth file. This code downloads the Bun JavaScript runtime to execute an obfuscated JavaScript payload that exfiltrates developer secrets such as GitHub tokens, cloud credentials, SSH keys, and configuration files. The malware uses evasion techniques including locale checks and security tool detection, and establishes persistence through systemd services and LaunchAgents. Data exfiltration occurs mainly through automatically created GitHub repositories via GitHub Actions, with a secondary HTTPS channel mimicking a legitimate API endpoint. This attack is linked to the broader Shai-Hulud campaign, which has compromised hundreds of open-source packages across ecosystems. Detection involves monitoring for Python packages with executable .pth hooks and Bun runtime downloads. The attack compromises software development workflows to propagate malware and steal sensitive secrets.

The attack compromises developer workstations and CI/CD environments by stealing a broad range of sensitive credentials and secrets, including GitHub tokens, cloud service credentials (AWS, GCP, Azure), SSH keys, Docker credentials, and configuration files. This can lead to unauthorized access to source code repositories, cloud infrastructure, and other critical development and deployment resources. The persistence mechanisms and evasion techniques increase the difficulty of detection and removal. The widespread downloads of the affected packages imply a significant exposure risk to the developer community relying on these PyPI packages.

There is no explicit patch available for the compromised packages; remediation involves removing the affected packages and restoring environments from safe backups. Organizations should immediately rotate all potentially exposed secrets, including tokens, keys, and credentials. Defenders should monitor for Python packages containing executable .pth startup hooks, unexpected downloads of the Bun JavaScript runtime from GitHub, and process chains where Python launches Bun to execute the malicious JavaScript payload. Investigate and remediate persistence mechanisms such as systemd services on Linux and LaunchAgents on macOS. Follow vendor or security researcher advisories for updates on affected packages and further guidance.