律动BlockBeats
律动BlockBeats|Jun 12, 2026 12:58
Slow Mist: Shai Hulud Hades new variant attacks PyPI, using Python to Bun to steal credentials across runtime chains BlockBeats News: On June 12th, according to SlowMist, it was discovered that a new variant of Shai Hulud Hades is attacking PyPI. Malicious packages will drop. psh files, which will be automatically executed when Python starts and check if Bun is installed locally; If not installed, download the official Bun binary file from GitHub Releases and execute a multi-layer obfuscation JavaScript payload to steal GitHub, npm, AWS, and cloud service credentials. SlowMist claims that this variant uses the same RSA public key and infrastructure as the previous Shai Hulud attack, and has capabilities such as encryption propagation, persistence, CI/CD injection, and GitHub Actions injection. [Original link]
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads