
Shai-Hulud Wave Targets Bioinformatics Packages on PyPI with Credential Stealers

Severity: High (Score: 69.0)

Sources: socket.dev, Technadu, Endorlabs

Published: 2026-06-09 · Updated: 2026-06-09

Keywords: pypi, wave, shai-hulud, hades, mini, miasma, bioinformatics

Severity indicators: ics

Summary

On June 8, 2026, attackers published six malicious versions of bioinformatics packages on PyPI, using stolen publishing tokens and the Bun JavaScript runtime. The packages, which are widely used in academic genomics and machine learning, carried a credential-stealing worm similar to earlier npm campaigns. Endor Labs quarantined the malicious versions within 30 minutes of publication. The payload was embedded in compiled Rust/C++ binary extensions, so it ran silently as soon as the package was imported. The incident is part of a broader wave of attacks now totalling 471 affected artifacts across npm and PyPI. The payload targets developer environments and CI/CD systems to steal credentials, and the delivery method marks a notable step up in evasion technique.

Key Points:

  • Six malicious bioinformatics package versions were published on PyPI using stolen tokens.
  • The credential-stealing worm was embedded in compiled native extensions rather than in Python source.
  • The incident is part of a larger campaign affecting 471 artifacts across npm and PyPI.

Detailed Analysis

**Impact**

The campaign targeted Python bioinformatics packages used primarily by academic genomics, phenotype analysis and graph machine learning researchers, and by biotech companies, affecting at least six known package versions. The broader campaign has compromised 471 artifacts across npm and PyPI, spanning 106 npm packages and 37 PyPI packages, including AI and MCP development tools. Credentials for cloud services, package registries, Kubernetes, and developer environments are at risk, which in turn exposes research data and operational infrastructure.

**Technical Details**

Attackers published trojanized Python packages whose compiled Rust/C++ extension modules (.abi3.so) execute obfuscated JavaScript payloads via the Bun JavaScript runtime. Because the malicious logic lives in a native binary and runs under a separate runtime, it sidesteps tooling that only inspects Python source and process monitors that key on the Python interpreter. The payload is a multi-stage credential stealer targeting cloud secrets, CI/CD environments, and developer tools; its stages are unpacked with AES-128-GCM decryption and a custom cipher keyed from a SHA-256 digest. The malicious versions were uploaded with a Bun/1.3.13 User-Agent rather than a Python packaging client, and had no corresponding GitHub commits or tags, i.e. they were phantom releases. Execution occurs at module import time through the native extension, so static analysis of the Python source finds nothing.

**Recommended Response**

Immediately quarantine and remove the identified malicious package versions from internal repositories and PyPI mirrors. Treat any workstation or CI runner that installed and imported an affected version as compromised: rotate the cloud, registry, Kubernetes and SSH credentials that were reachable from it, and audit those environments for credential-theft indicators. Deploy detections for Bun runtime execution spawned from Python package installations and imports, and alert on unusual .abi3.so extension loads. Block network connections to known Bun downloader URLs. On the registry side, monitor package uploads for non-standard User-Agent strings and for phantom releases that have no matching source-repository tag or commit.
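The two registry-side checks above (native extensions that carry a JavaScript-runtime loader, and phantom releases uploaded by a non-Python client) can be scripted. The following is an added example, not code from the article or from any of the cited vendors. The indicator strings, the allowed-uploader list, the constructed wheels, and the sample upload records and git tags are all assumptions made for illustration; a real deployment would feed it the wheels from a mirror and the upload records from the mirror's or registry's audit log.

```python
"""Audit wheels for native extensions that embed a Bun loader, and flag
PyPI releases with no matching source tag or a non-Python upload agent.

Added example; the indicators, uploader list and sample data are assumptions."""
import io
import re
import zipfile

# Heuristic indicators (assumed) for a native extension that exists only to
# drop or launch the Bun runtime. Label -> byte regex applied to the binary.
BUN_INDICATORS = [
    ("bun-host", rb"bun\.sh"),              # Bun install/download host
    ("bun-ua", rb"Bun/\d+\.\d+\.\d+"),      # Bun version banner / user-agent
    ("bun-asset", rb"bun-linux-x64"),       # Bun release asset naming
    ("bun-flag", rb"--bun\b"),              # Bun invocation flag
]
NATIVE_EXT_RE = re.compile(r"\.(abi3\.so|so|pyd|dylib)$")

# Upload clients a Python project normally publishes with (assumed list).
PYTHON_UPLOADER_RE = re.compile(r"^(twine|poetry|flit|hatch|pdm|uv|maturin)/", re.I)


def scan_wheel(wheel_bytes: bytes) -> list[dict]:
    """Return one finding per native extension inside the wheel.

    A finding lists which indicators matched; an extension with no matches is
    still reported (empty list) so the caller can see it was inspected."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            if not NATIVE_EXT_RE.search(info.filename):
                continue
            data = zf.read(info.filename)
            hits = [label for label, pat in BUN_INDICATORS if re.search(pat, data)]
            findings.append({"member": info.filename, "indicators": hits})
    return findings


def phantom_releases(uploads: list[dict], repo_tags: set[str]) -> list[dict]:
    """Flag uploads whose version has no git tag (with or without a leading
    'v') or whose user agent is not a known Python publishing client."""
    normalised_tags = {t.lstrip("v") for t in repo_tags}
    flagged = []
    for up in uploads:
        reasons = []
        if up["version"] not in normalised_tags:
            reasons.append("no matching source tag")
        if not PYTHON_UPLOADER_RE.match(up["user_agent"]):
            reasons.append(f"non-Python upload agent: {up['user_agent']}")
        if reasons:
            flagged.append({"version": up["version"],
                            "filename": up["filename"], "reasons": reasons})
    return flagged


def build_wheel(members: dict[str, bytes]) -> bytes:
    """Build an in-memory wheel-like zip from {member name: bytes} (test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: "examplepkg" is a hypothetical package name.
CLEAN_WHEEL = build_wheel({
    "examplepkg/__init__.py": b"from ._native import align\n",
    "examplepkg/_native.abi3.so": b"\x7fELF" + b"\x00" * 32 + b"PyInit__native",
})
TROJANED_WHEEL = build_wheel({
    "examplepkg/__init__.py": b"from ._native import align\n",
    "examplepkg/_native.abi3.so": (b"\x7fELF" + b"\x00" * 32 + b"PyInit__native"
                                   + b"https://bun.sh/install\x00Bun/1.3.13\x00"),
})
SAMPLE_UPLOADS = [  # shape assumed: one record per uploaded file
    {"version": "2.0.0", "filename": "examplepkg-2.0.0-cp38-abi3-linux_x86_64.whl",
     "user_agent": "twine/5.1.1 CPython/3.12.3"},
    {"version": "2.0.1", "filename": "examplepkg-2.0.1-cp38-abi3-linux_x86_64.whl",
     "user_agent": "Bun/1.3.13"},
]
SAMPLE_TAGS = {"v1.9.0", "v2.0.0"}

if __name__ == "__main__":
    for name, wheel in (("clean", CLEAN_WHEEL), ("trojaned", TROJANED_WHEEL)):
        print(name, scan_wheel(wheel))
    print(phantom_releases(SAMPLE_UPLOADS, SAMPLE_TAGS))
```

Run as a script it reports the trojaned wheel's extension with the `bun-host` and `bun-ua` indicators, and flags version 2.0.1 both for lacking a source tag and for its Bun upload agent. The string heuristics are a triage filter, not proof: a hit should trigger manual inspection of the binary (and a check for the Bun download behaviour at import) rather than an automated verdict, and a packed or encrypted loader would need a dynamic check instead.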

Source articles (3)

  • Shai-Hulud "Hades" Wave Hits Six PyPI Bioinformatics Packages via Stolen Tokens — Endorlabs · 2026-06-08
    On June 8, 2026, attackers published six malicious versions of widely-used Python bioinformatics packages to PyPI in under 60 seconds. Every package was uploaded using the Bun JavaScript runtime - an…
  • New PyPI Wave in Mini Shai-Hulud, Miasma, and Hades Campaign — Technadu · 2026-06-09
    Socket Threat Research has identified a newer PyPI wave connected to the broader Mini Shai-Hulud, Miasma, and Hades supply chain attacks. This wave adds 23 newly identified PyPI package-version artifa…
  • Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious… — socket.dev · 2026-06-09

Timeline

  • 2026-06-08 — Six malicious packages published on PyPI: Attackers uploaded trojanized versions of bioinformatics packages, using the Bun JavaScript runtime and targeting academic research tools.
  • 2026-06-08 — Endor Labs quarantines malicious packages: All six malicious versions were quarantined within 30 minutes of their publication on the PyPI registry.
  • 2026-06-09 — New PyPI wave identified: Socket Threat Research reported 23 new malicious artifacts linked to the Mini Shai-Hulud and Hades campaigns, expanding the total to 471 affected artifacts.

Related entities

  • Malware (Attack Type)
  • Supply Chain Attack (Attack Type)
  • Trojan (Attack Type)
  • Worm (Attack Type)
  • Hades (Campaign)
  • Hades Wave (Campaign)
  • Mini Shai-Hulud (Malware)
  • Miasma (Malware)
  • Shai-hulud (Malware)
  • abi3.so (File extension)
  • api.anthropic.com (Domain)
  • evorait.com (Domain)
  • [email protected] (Email)
  • T1021.004 - SSH (Mitre Attack)
  • T1059.007 - JavaScript (Mitre Attack)
  • T1071.001 - Web Protocols (Mitre Attack)
  • T1195 - Supply Chain Compromise (Mitre Attack)
  • T1547 - Boot Or Logon Autostart Execution (Mitre Attack)
  • T1567.002 - Exfiltration to Cloud Storage (Mitre Attack)
  • T1574 - Hijack Execution Flow (Mitre Attack)
  • Docker (Tool)
  • Npm (Tool)
  • Python (Tool)
  • Bun (Tool)
  • GitHub Actions (Tool)
  • Sigstore (Tool)
  • GitHub (Platform)
  • Kubernetes (Platform)
  • Linux (Platform)
  • PyPI (Platform)
  • RubyGems (Platform)
  • Rust (Platform)
  • Fulcio (Platform)
  • Rekor (Platform)
  • JFrog (Company)