A new software supply chain campaign known as Hades has targeted the Python Package Index, using malicious Python packages to deliver a credential-stealing payload through an unusual cross-runtime attack chain. Security researchers have linked the activity to the Shai-Hulud and Miasma malware lineages, which previously focused on the npm ecosystem.
The campaign shows how quickly threat actors are adapting familiar open-source abuse tactics to new developer environments. Instead of waiting for a developer to import or run the package, the poisoned Python wheels abuse the interpreter's .pth startup hook, so the payload fires the next time any Python process starts in the affected environment, whether or not the package is ever used.
Python Packages Deliver a Bun-Powered JavaScript Payload
Socket Research said the Hades cluster involved 37 malicious Python wheels across 19 packages, built to abuse Python's .pth startup mechanism. Any .pth file in a site-packages directory is processed by the site module every time the interpreter starts, and any line in it that begins with "import" is executed as Python code. A payload planted this way runs early in the environment lifecycle, on every interpreter launch, before the package is explicitly imported by a developer or application.
The most distinctive part of the campaign is its cross-runtime design. Rather than relying on Python or Node.js already present on the victim’s machine, the malware downloads the Bun JavaScript runtime from GitHub and uses it to execute an obfuscated JavaScript payload.
That approach gives the attackers more control over execution. By staging their own runtime in temporary directories, the malware can run more consistently across developer machines and CI/CD systems, reducing dependence on whatever tooling is already installed locally.
Researchers have treated the Bun dependency as one of the campaign’s operational fingerprints. The same pattern appeared in related Miasma activity, where attackers used a standalone runtime to execute malware outside the assumptions of standard package-security monitoring.
Credential Theft Targets Developer and Cloud Access
The Hades payload is designed primarily for credential theft from developer environments. Its targets include cloud identity credentials, package-publishing secrets and sensitive environment variables that could give attackers access to infrastructure, repositories or deployment pipelines.
The malware also uses several layers of obfuscation to complicate static analysis. Security researchers identified techniques including AES-128-GCM encrypted payload blobs and alphabet substitution, making the payload harder to inspect through simple signature-based detection.
The campaign underscores a persistent weakness in open-source package ecosystems: trusted install-time and startup hooks can become execution paths for malware. Python's .pth behavior now sits in a similar risk category to npm preinstall scripts, which have repeatedly been abused in supply chain attacks, with one difference that matters for defenders: a preinstall script runs once at install time, whereas a .pth hook fires on every interpreter start for as long as the file remains in site-packages, and because wheels carry no setup.py, blocking install-time script execution does nothing against it.
That risk is especially relevant for crypto and Web3 teams, where developer credentials can provide a path toward wallets, treasuries, deployment keys or package-publishing accounts. The Hades campaign's value target is administrative access to those systems, not disruption of the compromised endpoint itself.
For defenders, the clearest signal is unexpected runtime behavior. Python environments that initiate outbound requests to download external runtimes such as Bun should be treated as high-risk supply chain indicators, especially when tied to newly installed or low-reputation packages. On the host side, .pth files in site-packages whose import lines decode data, reach for the network, or spawn processes warrant immediate review, since legitimate .pth import lines are short and rare.
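The host-side check described above, and the .pth mechanism described earlier in this piece, can be turned into a small audit script. The following is an added example written for this page, not tooling from Socket or from the campaign's analysis: it enumerates the site directories of the running interpreter, applies the same rule CPython's site module uses to decide which .pth lines are executed (lines beginning with "import " or a tab-separated "import"), and flags executable lines that carry tokens typical of loaders. The indicator list and the sample .pth content are constructed for illustration and are not the campaign's indicators of compromise.

```python
"""Audit .pth files in the current Python environment for startup code execution.

Added example (not from the original article or from Socket's research).
The SUSPICIOUS_TOKENS list and SAMPLE_PTH below are constructed for illustration.
"""
import site
from pathlib import Path
from typing import Dict, List, Tuple

# CPython's site.addpackage() exec()s a .pth line only if it starts with one of
# these prefixes; every other non-comment, non-blank line is treated as a path.
EXEC_PREFIXES = ("import ", "import\t")

# Constructed heuristic indicators: unusual in a legitimate .pth shim (which is
# typically a one-word import such as "import _virtualenv"), common in loaders.
# Substring matching is deliberately loose ("bun" also matches "bundle").
SUSPICIOUS_TOKENS = (
    "exec(", "eval(", "compile(", "base64", "marshal", "zlib",
    "urllib", "urlopen", "requests", "socket", "http://", "https://",
    "github.com", "subprocess", "os.system", "tempfile", "bun",
)

# Constructed sample of a .pth file: one path entry, one benign shim, one loader.
# The last line is never executed here; it is only text that the scanner inspects.
SAMPLE_PTH = """# constructed sample .pth, not a real package's file
/opt/venv/lib/python3.12/site-packages/somepkg
import _virtualenv
import os, base64, tempfile, urllib.request; exec(base64.b64decode("<blob>"))
"""


def executable_pth_lines(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, line) for every line the site module would exec()."""
    found = []
    for n, line in enumerate(text.splitlines(), start=1):
        if line.startswith("#") or not line.strip():
            continue  # site.py skips comments and blank lines
        if line.startswith(EXEC_PREFIXES):
            found.append((n, line))
    return found


def suspicious_tokens(line: str) -> List[str]:
    """Indicator substrings present in an executable .pth line (case-insensitive)."""
    low = line.lower()
    return [tok for tok in SUSPICIOUS_TOKENS if tok in low]


def scan_pth_text(name: str, text: str) -> List[Dict]:
    """Classify each executable line: 'suspicious' if it carries indicators or is
    a long one-liner, otherwise 'review' (plain shims still deserve a glance)."""
    findings = []
    for n, line in executable_pth_lines(text):
        tokens = suspicious_tokens(line)
        verdict = "suspicious" if tokens or len(line) > 200 else "review"
        findings.append({"file": name, "line": n, "code": line,
                         "verdict": verdict, "indicators": tokens})
    return findings


def site_dirs() -> List[Path]:
    """Global and user site-packages directories of the running interpreter."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return [Path(d) for d in dict.fromkeys(dirs) if Path(d).is_dir()]


def scan_environment() -> List[Dict]:
    """Scan every *.pth file in the interpreter's site directories."""
    findings = []
    for d in site_dirs():
        for pth in sorted(d.glob("*.pth")):
            try:
                text = pth.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue
            findings.extend(scan_pth_text(str(pth), text))
    return findings


if __name__ == "__main__":
    print("constructed sample:")
    for f in scan_pth_text("sample.pth", SAMPLE_PTH):
        print(f)
    print("this environment:")
    for f in scan_environment():
        print(f)
```

Run it inside the virtual environment or CI image that installed the packages in question; a .pth hook is only visible from the interpreter whose site-packages contains it. Expect a few "review" hits from editable installs and virtualenv shims, and treat any "suspicious" hit, or any import line you cannot tie to a package you chose to install, as a reason to quarantine the environment and rotate the credentials it could reach.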
Malicious packages tied to the campaign are being removed from repositories, but the technique remains viable. Hades shows that attackers are not simply copying old npm tactics into PyPI; they are refining cross-ecosystem malware delivery for developer environments where one compromised package can expose a much larger operational perimeter.