'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud
Dark ReadingArchived Jun 08, 2026✓ Full text saved
The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.
Full text archived locally
✦ AI Summary· Claude Sonnet
APPLICATION SECURITY
THREAT INTELLIGENCE
CYBER RISK
REMOTE WORKFORCE
NEWS
'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud
The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.
Elizabeth Montalbano,Contributing Writer
June 8, 2026
4 Min Read
SOURCE: RUDALL30 VIA GETTY IMAGES
Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, attackers embraced a "Hades" naming convention as they continue to plague the open source developer ecosystem.
New research from Socket detailed a fresh wave of attacks featuring a variant of the Shai-Hulud worm, which has targeted npm and PyPI code packages since last September. The latest campaign compromised 37 malicious PyPI wheels across 19 packages, according to a blog post by the Socket Research Team published Sunday.
"At the time of writing, PyPI had already quarantined a number of the affected releases; we reported the remaining ones to the PyPI security team," the blog post read.
Trademarks of Shai-Hulud Attacks
Shai-Hulud is a self-propagating, info-stealing malware that infects software components, uses the access to publish poisoned versions, and then harvests the repository accounts of those affected by the malware downstream.
Related:Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
Socket quickly identified the tradecraft of the latest Mini Shai-Hulud infections as "unmistakably Shai-hulud/Miasma" — the latter term referring to a recent wave of infections targeting npm packages associated with Red Hat Cloud Services in which researchers identified dozens of the packages carrying a variant of the worm called Miasma.
The latest infections demonstrated a clear link to Shai-Hulud mainly because of the attack chain's cross-runtime design, relying on the installation of Bun — a JavaScript runtime — as a heavily obfuscated JavaScript stealer before executing the payload.
Indeed, Shai-Hulud-style payloads do not assume Node.js, Python, or another local runtime will be available. Instead, they use Bun as the execution engine. "That behavior has shown up even in npm compromises, where Node.js would otherwise be the expected runtime," according to the post. The PyPI wave abuses Python .pth startup behavior to launch a Bun-powered JavaScript credential stealer targeting developer, cloud, package-publishing, and CI/CD secrets.
A Descent Into Hades
The most recent Mini-Shai-hulud payload has new features that demonstrate some changes to the campaign as it continues to evolve. One is the introduction of Hades-themed GitHub exfiltration markers, including the repository description "Hades - The End for the Damned," Philipp Burckhardt, Socket's head of threat intelligence, tells Dark Reading. Attackers also play with the mythical underworld theme in repository component names, which include stygian, tartarean, cerberus, charon, styx, lethe, thanatos, and persephone, Socket discovered.
Related:Malicious Notifications Could Trick Google Gemini Users
Another new aspect of the campaign is the focus on abuse via .pth startup files, "which is a distinct execution mechanism compared to the npm lifecycle script abuse seen previously," Burckhardt says. This tactic is less commonly seen than that abuse and evidence that "the campaign continues to show high adaptability across ecosystems," he tells Dark Reading.
A legitimate Python startup feature, .pth files were designed to add paths to sys.path and support import hooks. But Python explicitly supports executable lines beginning with import that run at every Python startup, whether or not the corresponding package is imported, according to Socket. Essentially, each compromised wheel transforms a passive dependency into a delayed execution trigger.
"This is the Python equivalent of the npm install-hook problem that Shai-Hulud and Miasma repeatedly exploit," the Socket team wrote in the post. "The syntax is different, but the security consequence is the same: dependency installation creates an execution edge before application code is reviewed or invoked."
Auditing Is the Best Shai-Hulud Defense
Shai-Hulud has been a persistent pest to open source development since its first appearance, and each time it demonstrates that the cybercriminals behind the various attacks continue to evolve the malware. The worm appeared with new wiper capability in November and added the ability to steal credentials and secrets from accounts on major cloud providers in December.
Related:Microsoft's Zero-Day Legal Threats Spark Backlash
Later, the worm evolved with the Mini Shai-Hulud variant in April, adding more advanced and aggressive techniques that not only steal developer credentials and allow it to replicate, but also can hijack trusted publishing paths and execute malicious payloads during installation.
It's unclear who is behind the Shai-Hulud attacks, and the Socket research team did not attribute the Hades wave to a specific actor or group. Some cybersecurity vendors attributed previous Mini Shai-Hulud attacks to TeamPCP, a financially motivated threat actor that formally emerged in late 2025 by exploiting the React2Shell vulnerability as well as targeting misconfigured Docker APIs and Next.js.
For organizations that may have installed any of the Shai-Hulud-infected PyPI packages, the best defense is to immediately audit their environments, Burckhardt says. "Since the payload steals secrets available during install, they must assume credentials (GitHub tokens, cloud keys, SSH keys, etc.) accessible to the install environment are compromised and require rotation," he says.
Further, the only way to catch these attacks in the future is to conduct continuous monitoring of package installations and artifact behavior to ensure there is no malicious activity related to Shai-Hulud/Miasma in the environment, Burckhardt adds.
About the Author
Elizabeth Montalbano
Contributing Writer
Elizabeth Montalbano is freelance writer, editor, and journalist with 30 years of professional experience and a master's degree from Arizona State University. Her areas of expertise include enterprise technology, cybersecurity, business, and culture. During her long career, Elizabeth has lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City. She specializes in news coverage and analysis, using her years of experience to look at the current state of cybersecurity with a critical gaze. She currently resides in a village on the southwest coast of Portugal, where in her free time she enjoys surfing, hiking with her dogs, growing plants, and playing and performing as a singer and musician.
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Organizations Are Managing Incident Response
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
Essential News & Insights from Black Hat USA 2025
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Access More Research
Webinars
Advanced Persistent Threats: A Practical Guide to Detection and Response
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
Defending in the Shadow Era: When the CVE Feed Goes Dark
Building SecOps That Make the Most of Every Dollar
More Webinars
You May Also Like
APPLICATION SECURITY
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
by Rob Wright
FEB 19, 2026
APPLICATION SECURITY
Chinese Hackers Hijack Notepad++ Updates for 6 Months
by Jai Vijayan, Contributing Writer
FEB 02, 2026
APPLICATION SECURITY
Trump Administration Rescinds Biden-Era Software Guidance
by Alexander Culafi
JAN 29, 2026
APPLICATION SECURITY
Microsoft Fixes Exploited Zero Day in Light Patch Tuesday
by Jai Vijayan, Contributing Writer
DEC 09, 2025
Editor's Choice
CYBERSECURITY OPERATIONS
20 Leaders Who Built the CISO Era: 2 Decades of Change
byDark Reading Editorial Team
MAY 12, 2026
41 MIN READ
APPLICATION SECURITY
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
byJai Vijayan
MAY 12, 2026
5 MIN READ
CYBERATTACKS & DATA BREACHES
Instructure Breach Exposes Schools' Vendor Dependence
byAlexander Culafi
MAY 6, 2026
4 MIN READ
Want more Dark Reading stories in your Google search results?
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SUBSCRIBE
Webinars
Advanced Persistent Threats: A Practical Guide to Detection and Response
TUESDAY, JUNE 30, 2026 @ 1:00 PM EASTERN DAYLIGHT TIME
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
TUESDAY, JUNE 23, 2026 1:00 PM EDT
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
THURS, JUNE 25, 2026, AT 1PM EST
Defending in the Shadow Era: When the CVE Feed Goes Dark
TUES, JUNE 16, 2026 AT 1PM EST
Building SecOps That Make the Most of Every Dollar
THURS, JULY 9, 2026 AT 1PM EST
More Webinars
AUG 1-6 | MANDALAY BAY, LAS VEGAS USE CODE: DARKREADING & SAVE $200 ON A BRIEFINGS PASS OR $100 ON A BUSINESS PASS
The premier cybersecurity event returns.
GET YOUR PASS
ANATOMY OF A DATA BREACH
This comprehensive virtual event examines the main vulnerabilities and exploits that lead to enterprise data breaches, plus the latest tools and best practices for conducting incident response.
BEAT HACKERS TO IT