What happened
Threat actors have launched a new wave of supply chain attacks against the Python Package Index (PyPI), distributing malicious packages as part of an evolving campaign linked to the Shai-Hulud worm. According to research from the Socket Research Team, the latest variant, referred to as “Mini Shai-Hulud,” was responsible for 37 malicious PyPI wheels across 19 packages before multiple releases were quarantined by PyPI security teams.
The campaign continues to evolve under a new “Hades” naming convention, with attackers embedding mythological references such as stygian, cerberus, styx, and thanatos across repository artifacts. Researchers also identified a shift in execution strategy, leveraging Python .pth startup behavior to trigger malicious code during package installation. The payload installs a JavaScript-based infostealer executed via the Bun runtime, enabling cross-environment credential theft.
Who is affected
The primary targets are open source developers and organizations that rely on PyPI packages, along with downstream users who install or update compromised dependencies. The malware specifically seeks sensitive data such as GitHub tokens, cloud credentials, SSH keys, and CI/CD secrets.
Because the attack operates at install time, any environment that executed the infected packages, including developer machines and automated build pipelines, may have been exposed. The campaign spans multiple ecosystems, with links to earlier Shai-Hulud and “Miasma” infections observed in npm as well.
Why CISOs should care
The Mini Shai-Hulud campaign highlights how supply chain attacks are becoming more adaptive and cross-runtime in nature. Instead of relying on a single execution environment, attackers use Bun to bypass assumptions about whether Node.js or Python is available, broadening their reach.
Security researchers, including Socket’s Philipp Burckhardt, note that the use of .pth files creates a stealthy execution trigger during package installation, before any application code runs. This turns dependency management into an execution risk.
For CISOs, the concern is immediate: compromised packages can silently exfiltrate secrets during installation, undermining identity, cloud, and CI/CD security controls in one step.
3 practical actions
- Immediately audit all systems for recently installed or updated PyPI packages linked to the Shai-Hulud/Mini Shai-Hulud campaign
- Rotate any exposed credentials, including cloud keys, GitHub tokens, SSH keys, and CI/CD secrets
- Implement continuous monitoring of package installation behavior and enforce stricter controls over dependency sources and builds
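The following script is an added example written for this brief; it is not code from Socket or from the campaign. It supports the first and third actions above by auditing the .pth execution trigger described in "What happened": CPython's site.py treats any .pth line beginning with `import` as code and runs it on every interpreter startup, so a line dropped at install time executes the next time any Python process starts, including the installer itself. The script lists every such line in site-packages and applies a simple heuristic (an assumption, not a published indicator) to rank lines that use encoding, eval/exec, or network primitives, which rarely appear in legitimate .pth files. The sample .pth contents are constructed for illustration.

```python
"""Audit .pth files in site-packages for import lines that execute at interpreter startup."""
import re
import site
from pathlib import Path

# site.py exec()s any .pth line that starts with "import " or "import\t";
# every other non-comment line is just a path appended to sys.path.
IMPORT_LINE = re.compile(r"^import[ \t]")

# Heuristic (assumption): constructs that are unusual in legitimate .pth files.
SUSPICIOUS = re.compile(
    r"exec\(|eval\(|base64|zlib|marshal|subprocess|os\.system|urllib|socket|\\x[0-9a-fA-F]{2}"
)


def audit_pth_text(text, name="<pth>"):
    """Return findings for the contents of one .pth file.

    Each finding is a dict with the file name, line number, a severity of
    "high" (matches SUSPICIOUS) or "review" (an import line that should be
    checked by hand), and the offending line.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not IMPORT_LINE.match(line):
            continue  # plain path entries and comments are not executed
        severity = "high" if SUSPICIOUS.search(line) else "review"
        findings.append(
            {"file": name, "line": lineno, "severity": severity, "code": line.strip()}
        )
    return findings


def audit_site_packages(dirs=None):
    """Audit every .pth file in the given directories (default: this interpreter's site-packages)."""
    if dirs is None:
        dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    findings = []
    for d in dirs:
        for pth in Path(d).glob("*.pth"):
            try:
                findings.extend(audit_pth_text(pth.read_text(errors="replace"), str(pth)))
            except OSError:
                continue  # unreadable file: skip, do not crash the audit
    return findings


# Constructed sample .pth contents (not real files from the campaign).
SAMPLE_PATH_ONLY = "/usr/lib/python3/dist-packages\n"
SAMPLE_EDITABLE = "import _virtualenv\n"  # typical legitimate import line
SAMPLE_SUSPICIOUS = 'import os,base64;exec(base64.b64decode("Y29uc3RydWN0ZWQ="))\n'


if __name__ == "__main__":
    for f in audit_site_packages():
        print(f"[{f['severity']}] {f['file']}:{f['line']}: {f['code']}")
```

Run it under every interpreter that build agents or developers use (each virtual environment has its own site-packages), and treat any "high" finding as a reason to isolate the host and start credential rotation; "review" findings are usually editable installs or setuptools shims but should still be matched against a known-good baseline.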