Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

thehackernews.com · 2026-06-09 · AI supply chain · Critical

What Happened

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically

Why It Matters

The article describes Hades, a new wave in the broader Miasma supply chain campaign, in which 37 malicious wheel artifacts across 19 PyPI packages were backdoored to auto-execute a Bun-based credential stealer via a specially crafted *-setup.pth file that runs when Python starts, even before the poisoned package is imported.[7] Reported facts include targeting of developer, GitHub, cloud, CI/CD, SSH, Docker, and other secrets, and the use of registry-trusted packaging mechanisms to gain early, stealthy execution.[7]

From a CyberSE.AI perspective, this represents a critical AI/software supply chain risk: any AI agents, CI-based AI workflows, or AI-assisted development pipelines that automatically resolve and install Python dependencies can silently inherit the stealer, leading to cascading credential theft and downstream package or model-repo compromise.

Organizations should implement SBOM-driven dependency governance, enforce pre-production malware and behavior scanning of third-party packages, and continuously red-team AI/CI workflows that auto-install or upgrade dependencies to detect similar early-execution supply chain implants before they spread.
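The startup execution described above relies on Python's `site` module, which executes any `.pth` line that begins with `import`. The following audit script is an added example, not code from the article or from CyberSE; the function names are hypothetical and the two sample files in `demo()` are constructed.

```python
"""Audit .pth files for lines that Python's site module executes at startup."""
import fnmatch
import site
import sys
import tempfile
from pathlib import Path

# Filename pattern reported on this page for the poisoned wheels.
REPORTED_PATTERN = "*-setup.pth"


def executable_lines(pth_text):
    """Return (line_number, line) pairs that site.py would pass to exec()."""
    # site.py skips blank and '#' lines, executes lines starting with
    # 'import ' or 'import<TAB>', and treats every other line as a path entry.
    return [(n, line.strip())
            for n, line in enumerate(pth_text.splitlines(), start=1)
            if line.startswith(("import ", "import\t"))]


def audit(directories):
    """Scan directories for .pth files; report those carrying executable lines."""
    findings = []
    for directory in filter(Path.is_dir, map(Path, directories)):
        for pth in sorted(directory.glob("*.pth")):
            hits = executable_lines(pth.read_text(encoding="utf-8-sig", errors="replace"))
            if hits:
                findings.append({
                    "file": pth.name,
                    "matches_reported_name": fnmatch.fnmatch(pth.name, REPORTED_PATTERN),
                    "lines": hits,
                })
    return findings


def demo():
    """Audit a constructed directory; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "paths-only.pth").write_text("# comment\n../vendor/lib\n")
        (root / "example-setup.pth").write_text("import sys; sys.stdout.write('demo')\n")
        return audit([root])


if __name__ == "__main__":
    real = site.getsitepackages() + [site.getusersitepackages()]
    for finding in audit(sys.argv[1:] or real):
        print(finding)
```

Some legitimate tools also ship `.pth` files with `import` lines, so a finding is a prompt for review against an allowlist, not proof of compromise.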

Healthcare · Fintech · SaaS · SMB · AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html