EXECUTIVE SUMMARY:
A large-scale software supply chain campaign has been identified within the Python Package Index (PyPI) ecosystem, where dozens of malicious Python packages were uploaded and disguised as legitimate libraries. The campaign is associated with the ongoing Mini Shai-Hulud activity and is designed to compromise developer environments by abusing trusted package distribution mechanisms. By targeting developers and build environments, the attackers seek to harvest credentials, gain unauthorized access to cloud services, and expand their reach across software development pipelines.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
A large-scale software supply chain campaign has been identified within the Python Package Index (PyPI) ecosystem, where dozens of malicious Python packages were uploaded and disguised as legitimate libraries. The campaign is associated with the ongoing Mini Shai-Hulud activity and is designed to compromise developer environments by abusing trusted package distribution mechanisms. By targeting developers and build environments, the attackers seek to harvest credentials, gain unauthorized access to cloud services, and expand their reach across software development pipelines.[emaillocker id="1283"]
The malicious packages leverage Python startup hooks and package initialization mechanisms to execute hidden code when installed or imported. Once activated, the malware downloads and launches secondary payloads, including credential-stealing components implemented through the Bun JavaScript runtime. The payloads are capable of collecting sensitive information such as GitHub tokens, cloud credentials, CI/CD secrets, Kubernetes secrets, and other authentication artifacts. The campaign employs stealth techniques to suppress visible execution while maintaining persistence and enabling further compromise of development environments. The activity represents an evolution of the broader Mini Shai-Hulud ecosystem, which has previously targeted both npm and PyPI repositories through compromised packages and credential theft operations.
This campaign highlights the growing threat posed by malicious open-source packages and the increasing of software supply chain attacks. Organizations should review dependency management processes, verify package integrity before deployment, monitor development environments for unauthorized credential access, and promptly remove any identified malicious packages. Strengthening software supply chain security and implementing continuous monitoring can help reduce the risk of compromise from similar ecosystem-wide threats.
THREAT PROFILE:
| Tactic | Technique Id | Technique | Sub-technique |
| Initial Access | T1195.002 | Supply Chain Compromise | Compromise Software Supply Chain |
| Execution | T1059.006 | Command and Scripting Interpreter | Python |
| T1059.007 | JavaScript | ||
| Stealth | T1027.013 | Obfuscated Files or Information | Encrypted/Encoded File |
| Credential Access | T1528 | Steal Application Access Token | - |
| T1552.001 | Unsecured Credentials | Credentials In Files | |
| T1555.003 | Credentials from Password Stores | Credentials from Web Browsers | |
| Discovery | T1082 | System Information Discovery | - |
| Collection | T1005 | Data from Local System | - |
| Exfiltration | T1041 | Exfiltration Over C2 Channel | - |
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/pypi-supply-chain-attack/
https://socket.dev/blog/shai-hulud-descends-to-hades-miasma-pypi-wave