PyPI Malicious Packages Linked to Shai-Hulud Hades Variant, SlowMist Says
2026-06-12 11:44:11

SlowMist’s security team reported a Shai-Hulud Hades variant attack in the PyPI ecosystem involving the malicious packages openai_mcp-2.41.2 and bramin-0.0.4. According to Foresight News, the two packages use a .pth file to trigger automatically when the Python interpreter starts.

SlowMist said the code silently downloads the Bun runtime and then executes a multi-layer obfuscated JavaScript payload. The payload is designed to steal credentials including GitHub personal access tokens, npm credentials, and AWS and other cloud credentials, and to exfiltrate data using RSA-OAEP encryption.

The team said the malware also includes persistence mechanisms, supports CI/CD injection, and embeds content related to weapons of mass destruction ahead of the malicious code to interfere with AI-based security scanning.

SlowMist said it confirmed the attack shares the same RSA public key and infrastructure as a previous Red Hat Cloud Services npm poisoning incident.
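The .pth start-up hook described above can be audited on any host that installs packages from PyPI. The script below is an added defensive example, not code from SlowMist, Foresight News or the packages named in the report: it lists every executable line in the interpreter's .pth files and flags those that do more than import a module name. The keyword list is a triage heuristic, and the sample .pth content used for testing is constructed.

```python
"""Audit .pth files for executable 'import' lines (added defensive example).

At start-up, Python's site module reads every *.pth file in site-packages.
Ordinary lines are added to sys.path, but a line that begins with 'import'
followed by a space or tab is exec()'d, which is the hook a poisoned package
can use to run code before any user script does.
"""
import re
import site
from pathlib import Path

# Markers of code execution, decoding or network use inside a one-line
# 'import' statement. Heuristic only: setuptools' distutils-precedence.pth
# is a known benign hit, so the output is a review list, not a verdict.
SUSPICIOUS = re.compile(
    r"exec\(|eval\(|__import__|compile\(|base64|zlib|marshal|"
    r"subprocess|os\.system|urllib|requests|socket|http\.client|"
    r"\.decode\(|ctypes|importlib|\bopen\(|shutil|bytes\.fromhex|lambda"
)

# A harmless hook is a bare "import name" (optionally "import a, b").
PLAIN_IMPORT = re.compile(r"^import\s+[\w.]+(\s*,\s*[\w.]+)*\s*$")


def audit_pth_text(text, name="<inline>"):
    """Return [(name, line_no, verdict, line)] for every executable line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith(("import ", "import\t")):
            continue  # path entries and comments are never executed
        if PLAIN_IMPORT.match(line):
            verdict = "plain-import"
        elif ";" in line and SUSPICIOUS.search(line):
            verdict = "SUSPICIOUS"  # chained statements with execution markers
        else:
            verdict = "review"  # executes code, but no known marker matched
        findings.append((name, no, verdict, line))
    return findings


def audit_site_packages():
    """Scan every .pth in the interpreter's site-packages directories."""
    findings = []
    for d in site.getsitepackages() + [site.getusersitepackages()]:
        for p in Path(d).glob("*.pth"):
            findings.extend(audit_pth_text(p.read_text(errors="replace"), str(p)))
    return findings


if __name__ == "__main__":
    for name, no, verdict, line in audit_site_packages():
        print(f"{verdict:13} {name}:{no}: {line[:120]}")
```

Run it with the same interpreter that executes your build or CI jobs, since each interpreter has its own site-packages and therefore its own set of .pth hooks; `python -S` starts without processing them at all, which is a useful way to confirm a hook is the cause of unexpected start-up behaviour.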