CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 08, 2026

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Dark Reading Archived Jun 08, 2026 ✓ Full text saved

The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.

Full text archived locally
✦ AI Summary · Claude Sonnet


    APPLICATION SECURITY THREAT INTELLIGENCE CYBER RISK REMOTE WORKFORCE NEWS 'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat. Elizabeth Montalbano,Contributing Writer June 8, 2026 4 Min Read SOURCE: RUDALL30 VIA GETTY IMAGES Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, attackers embraced a "Hades" naming convention as they continue to plague the open source developer ecosystem. New research from Socket detailed a fresh wave of attacks featuring a variant of the Shai-Hulud worm, which has targeted npm and PyPI code packages since last September. The latest campaign compromised 37 malicious PyPI wheels across 19 packages, according to a blog post by the Socket Research Team published Sunday. "At the time of writing, PyPI had already quarantined a number of the affected releases; we reported the remaining ones to the PyPI security team," the blog post read. Trademarks of Shai-Hulud Attacks Shai-Hulud is a self-propagating, info-stealing malware that infects software components, uses the access to publish poisoned versions, and then harvests the repository accounts of those affected by the malware downstream. Related:Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover Socket quickly identified the tradecraft of the latest Mini Shai-Hulud infections as "unmistakably Shai-hulud/Miasma" — the latter term referring to a recent wave of infections targeting npm packages associated with Red Hat Cloud Services in which researchers identified dozens of the packages carrying a variant of the worm called Miasma. The latest infections demonstrated a clear link to Shai-Hulud mainly because of the attack chain's cross-runtime design, relying on the installation of Bun — a JavaScript runtime — as a heavily obfuscated JavaScript stealer before executing the payload. Indeed, Shai-Hulud-style payloads do not assume Node.js, Python, or another local runtime will be available. Instead, they use Bun as the execution engine. "That behavior has shown up even in npm compromises, where Node.js would otherwise be the expected runtime," according to the post. The PyPI wave abuses Python .pth startup behavior to launch a Bun-powered JavaScript credential stealer targeting developer, cloud, package-publishing, and CI/CD secrets. A Descent Into Hades The most recent Mini-Shai-hulud payload has new features that demonstrate some changes to the campaign as it continues to evolve. One is the introduction of Hades-themed GitHub exfiltration markers, including the repository description "Hades - The End for the Damned," Philipp Burckhardt, Socket's head of threat intelligence, tells Dark Reading. Attackers also play with the mythical underworld theme in repository component names, which include stygian, tartarean, cerberus, charon, styx, lethe, thanatos, and persephone, Socket discovered. Related:Malicious Notifications Could Trick Google Gemini Users Another new aspect of the campaign is the focus on abuse via .pth startup files, "which is a distinct execution mechanism compared to the npm lifecycle script abuse seen previously," Burckhardt says. This tactic is less commonly seen than that abuse and evidence that "the campaign continues to show high adaptability across ecosystems," he tells Dark Reading. A legitimate Python startup feature, .pth files were designed to add paths to sys.path and support import hooks. But Python explicitly supports executable lines beginning with import that run at every Python startup, whether or not the corresponding package is imported, according to Socket. Essentially, each compromised wheel transforms a passive dependency into a delayed execution trigger. "This is the Python equivalent of the npm install-hook problem that Shai-Hulud and Miasma repeatedly exploit," the Socket team wrote in the post. "The syntax is different, but the security consequence is the same: dependency installation creates an execution edge before application code is reviewed or invoked." Auditing Is the Best Shai-Hulud Defense Shai-Hulud has been a persistent pest to open source development since its first appearance, and each time it demonstrates that the cybercriminals behind the various attacks continue to evolve the malware. The worm appeared with new wiper capability in November and added the ability to steal credentials and secrets from accounts on major cloud providers in December.  Related:Microsoft's Zero-Day Legal Threats Spark Backlash Later, the worm evolved with the Mini Shai-Hulud variant in April, adding more advanced and aggressive techniques that not only steal developer credentials and allow it to replicate, but also can hijack trusted publishing paths and execute malicious payloads during installation. It's unclear who is behind the Shai-Hulud attacks, and the Socket research team did not attribute the Hades wave to a specific actor or group. Some cybersecurity vendors attributed previous Mini Shai-Hulud attacks to TeamPCP, a financially motivated threat actor that formally emerged in late 2025 by exploiting the React2Shell vulnerability as well as targeting misconfigured Docker APIs and Next.js.  For organizations that may have installed any of the Shai-Hulud-infected PyPI packages, the best defense is to immediately audit their environments, Burckhardt says. "Since the payload steals secrets available during install, they must assume credentials (GitHub tokens, cloud keys, SSH keys, etc.) accessible to the install environment are compromised and require rotation," he says.  Further, the only way to catch these attacks in the future is to conduct continuous monitoring of package installations and artifact behavior to ensure there is no malicious activity related to Shai-Hulud/Miasma in the environment, Burckhardt adds. About the Author Elizabeth Montalbano Contributing Writer Elizabeth Montalbano is freelance writer, editor, and  journalist with 30 years of professional experience and a master's degree from Arizona State University. Her areas of expertise include enterprise technology, cybersecurity, business, and culture. During her long career, Elizabeth has lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City. She specializes in news coverage and analysis, using her years of experience to look at the current state of cybersecurity with a critical gaze. She currently resides in a village on the southwest coast of Portugal, where in her free time she enjoys surfing, hiking with her dogs, growing plants, and playing and performing as a singer and musician. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Access More Research Webinars Advanced Persistent Threats: A Practical Guide to Detection and Response The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack Defending in the Shadow Era: When the CVE Feed Goes Dark Building SecOps That Make the Most of Every Dollar More Webinars You May Also Like APPLICATION SECURITY Supply Chain Attack Secretly Installs OpenClaw for Cline Users by Rob Wright FEB 19, 2026 APPLICATION SECURITY Chinese Hackers Hijack Notepad++ Updates for 6 Months by Jai Vijayan, Contributing Writer FEB 02, 2026 APPLICATION SECURITY Trump Administration Rescinds Biden-Era Software Guidance by Alexander Culafi JAN 29, 2026 APPLICATION SECURITY Microsoft Fixes Exploited Zero Day in Light Patch Tuesday by Jai Vijayan, Contributing Writer DEC 09, 2025 Editor's Choice CYBERSECURITY OPERATIONS 20 Leaders Who Built the CISO Era: 2 Decades of Change byDark Reading Editorial Team MAY 12, 2026 41 MIN READ APPLICATION SECURITY It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight byJai Vijayan MAY 12, 2026 5 MIN READ CYBERATTACKS & DATA BREACHES Instructure Breach Exposes Schools' Vendor Dependence byAlexander Culafi MAY 6, 2026 4 MIN READ Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Advanced Persistent Threats: A Practical Guide to Detection and Response TUESDAY, JUNE 30, 2026 @ 1:00 PM EASTERN DAYLIGHT TIME The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed TUESDAY, JUNE 23, 2026 1:00 PM EDT Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack THURS, JUNE 25, 2026, AT 1PM EST Defending in the Shadow Era: When the CVE Feed Goes Dark TUES, JUNE 16, 2026 AT 1PM EST Building SecOps That Make the Most of Every Dollar THURS, JULY 9, 2026 AT 1PM EST More Webinars AUG 1-6 | MANDALAY BAY, LAS VEGAS USE CODE: DARKREADING & SAVE $200 ON A BRIEFINGS PASS OR $100 ON A BUSINESS PASS The premier cybersecurity event returns. GET YOUR PASS ANATOMY OF A DATA BREACH This comprehensive virtual event examines the main vulnerabilities and exploits that lead to enterprise data breaches, plus the latest tools and best practices for conducting incident response. BEAT HACKERS TO IT
    💬 Team Notes
    Article Info
    Source
    Dark Reading
    Category
    ◇ Industry News & Leadership
    Published
    Jun 08, 2026
    Archived
    Jun 08, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗