Blockchain security firm SlowMist said the Mini Shai-Hulud, Miasma, and Hades malware families have expanded from npm into the Go module ecosystem, affecting specific versions of the Cosmos SDK-based L1 project verana-labs/verana.
According to Foresight News, SlowMist said the malicious code was hidden in an obfuscated form under a .claude/ directory and could be triggered when developers open the repository.
SlowMist said the malware uses files such as .claude/setup.mjs and .vscode/setup.mjs to exploit workflow hooks tied to VS Code and AI assistant tooling, enabling execution on a developer’s machine.
The firm said the incident is not a traditional build-time supply chain attack, but instead targets developers’ local environments, with risks stemming from the misuse of IDE automation and AI-assisted tools.
SlowMist advised developers not to open untrusted repositories while IDE automation is enabled, to prioritize auditing files related to .claude and .vscode, and to rotate any credentials that may have been exposed.
AI TRENDS | SlowMist Says Malware Families Expanded From npm to Go Modules, Targeting Cosmos SDK Project Versions
2026-06-26 03:53:49
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
菲律宾、阿联酋和印尼将启动加入CPTPP谈判
