Full Report
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically
Analysis Summary
# Tool/Technique: Hades (Miasma Variant)
## Overview
Hades is a sophisticated PyPI supply chain attack campaign and a direct evolution of the "Miasma" and "Mini Shai-Hulud" lineages. It involves poisoning Python packages with malicious code designed to execute automatically upon installation. The primary goal is to deploy a JavaScript-based credential stealer that targets developer environments, CI/CD pipelines, and cloud infrastructure secrets.
## Technical Details
- **Type:** Malware / Supply Chain Attack
- **Platform:** Cross-platform (Windows/Linux via Python and Bun runtime)
- **Capabilities:** Credential theft, automatic execution, evasion of AI security scanners, locale-based filtering.
- **First Seen:** June 2026 (Per article timeline)
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
- **T1195.002 - Supply Chain Compromise: Compromise Software Dependencies**
- **TA0002 - Execution**
- **T1059.006 - Command and Scripting Interpreter: Python**
- **T1059.007 - Command and Scripting Interpreter: JavaScript**
- **TA0003 - Persistence**
- **T1137.006 - Office Application Startup: Add-ins (analogous: Python's `site` module executes any `import` line found in a `.pth` file at every interpreter startup)**
- **TA0005 - Defense Evasion**
- **T1027 - Obfuscated Files or Information**
- **T1497.001 - Virtualization/Sandbox Evasion: System Checks (Locale checking)**
- **TA0010 - Exfiltration**
- **T1567.001 - Exfiltration Over Web Service: Exfiltration to Code Repository**
## Functionality
### Core Capabilities
- **Auto-Execution:** Leverages `*-setup.pth` files or `__init__.py` hooks to run code immediately when a package is installed or the Python interpreter starts, without the user ever importing the module. `.pth` files in `site-packages` are processed by the `site` module on every interpreter start, and any line beginning with `import` is executed, which is what makes them a persistence and auto-run primitive.
- **Bun Runtime Deployment:** Downloads a standalone ZIP of the Bun JavaScript runtime from GitHub. This lets the malware run complex JS payloads in environments lacking Node.js and can sidestep security tooling that only monitors standard runtimes.
- **Credential Harvesting:** Aggressively searches for and steals secrets including:
  - **Cloud/Infra:** AWS, GCP, Azure, Kubernetes, Docker, Vault.
  - **Dev/Package Managers:** GitHub, npm, PyPI, RubyGems, JFrog, CircleCI.
  - **AI/LLM:** Anthropic, Claude/MCP configurations.
  - **Local Files:** SSH keys, shell histories, `.env`, `.npmrc`, `.pypirc`.
### Advanced Features
- **Locale Fencing:** Checks for Russian locale settings and halts execution if found, likely to avoid legal repercussions in specific jurisdictions.
- **AI Scanner Evasion:** Employs specific obfuscation techniques designed to mislead or break the logic of AI-based security scanners.
- **GitHub Exfiltration:** Uses GitHub repositories as a clearinghouse for stolen data, often using specific campaign markers in repository descriptions (e.g., "Hades - The End for the Damned").
## Indicators of Compromise
- **File Names:**
  - `*-setup.pth` (various prefixes)
  - `_index.js`
  - `bun.zip` (downloaded during staging)
- **Network Indicators:**
  - `https[:]//github[.]com` (Runtime downloads and data exfiltration)
- **Behavioral Indicators:**
  - Python interpreter initiating network connections to download ZIP files.
  - Unexpected creation of `.pth` files in `site-packages` directories.
  - Unrecognized JavaScript processes (Bun) running on developer machines or CI runners.
- **Poisoned Packages (Partial List):**
  - `bramin`, `magique`, `pantheon-agents`, `ufish`, `uprobe`, `embiggen`, `pyphetools`.
## Associated Threat Actors
- **Miasma / Shai-Hulud Cluster:** An unidentified group specializing in Python/npm supply chain attacks, characterized by switching between JavaScript runtimes (Node to Bun) and by GitHub-centric exfiltration logic.
## Detection Methods
- **Signature-based:** Detect the presence of the specific `*-setup.pth` file structure or the campaign marker strings ("Hades - The End for the Damned").
- **Behavioral:** Monitor for `pip install` processes that spawn network requests to non-standard domains or download executable runtimes (like Bun).
- **Integrity Checking:** Use tools to verify if newly installed Python packages contain unauthorized `.pth` files or modified `__init__.py` files before execution in CI/CD pipelines.
## Mitigation Strategies
- **Dependency Pinning:** Pin dependencies with hashes (a `requirements.txt` installed with `pip install --require-hashes`, or a Poetry lock file) so that only verified artifacts of approved versions are installed.
- **Environment Isolation:** Run dependency installations in ephemeral, isolated environments (containers) with restricted network access.
- **Repository Proxying:** Use private package repositories (like Artifactory or Nexus) to vet or "freeze" approved versions of public packages.
- **Review PTH Files:** Periodically audit the `site-packages` directory for unexpected `.pth` files which can grant persistent, automatic execution.
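As an added example (not from the report or any vendor tooling) of the `.pth` audit recommended above and the integrity check under Detection Methods, the script below walks `site-packages`, parses every `.pth` file the way `site` does, and reports files whose lines would execute code, whose name matches the `*-setup.pth` pattern, or which carry the campaign marker string. The `RISKY_TOKENS` heuristic and the two sample file contents are constructed assumptions for illustration; legitimate `import` lines exist too (setuptools' `distutils-precedence.pth`), so hits are review items, not verdicts.

```python
"""Audit .pth files for code-executing lines (defender-side review helper)."""
import fnmatch
import re
import site
from pathlib import Path

# site.py exec()s any .pth line that starts with "import"; everything else is
# treated as a path to append to sys.path. That import hook is the auto-run
# primitive abused by *-setup.pth.
CODE_LINE = re.compile(r"^\s*import\s")
SUSPICIOUS_NAME = "*-setup.pth"                    # naming pattern from the report
CAMPAIGN_MARKER = "Hades - The End for the Damned"  # marker string from the report
# Hypothetical heuristic: modules a .pth line should never need at startup.
RISKY_TOKENS = ("urllib", "requests", "subprocess", "zipfile", "socket")

# Constructed samples (not real payloads) used for self-checking offline.
SAMPLE_BENIGN = "/opt/mypkg/src\nmypkg/lib\n"
SAMPLE_SUSPICIOUS = ("import sys; sys.stderr.write('stager')"
                     "  # Hades - The End for the Damned\n")

def classify_pth(name: str, text: str) -> dict:
    """Classify one .pth file from its file name and full contents."""
    exec_lines = [ln for ln in text.splitlines() if CODE_LINE.match(ln)]
    return {
        "name": name,
        "exec_lines": exec_lines,
        "suspicious_name": fnmatch.fnmatch(name, SUSPICIOUS_NAME),
        "marker": CAMPAIGN_MARKER in text,
        "risky_imports": any(tok in ln for ln in exec_lines for tok in RISKY_TOKENS),
    }

def audit_dirs(dirs) -> list:
    """Return findings for every .pth file under the given directories that
    executes code, matches the suspicious name pattern, or carries the marker."""
    findings = []
    for d in dirs:
        for path in Path(d).glob("*.pth"):
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip, do not crash the audit
            result = classify_pth(path.name, text)
            if result["exec_lines"] or result["suspicious_name"] or result["marker"]:
                findings.append(result)
    return findings

if __name__ == "__main__":
    for hit in audit_dirs(site.getsitepackages() + [site.getusersitepackages()]):
        print(hit)
```

Run it inside the CI image after `pip install` and fail the job on any `suspicious_name` or `marker` hit; review the remaining `exec_lines` hits against an allow-list of known-good files.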
## Related Tools/Techniques
- **Miasma:** The previous iteration of this campaign using similar exfiltration logic.
- **Mini Shai-Hulud:** The original framework utilizing Node.js/Bun for cross-platform credential theft.
- **npm install hooks:** The equivalent technique in the JavaScript ecosystem (`preinstall`/`postinstall` lifecycle scripts), which the Hades campaign mimics in Python via `.pth` files.