Shai-Hulud Hades new variant attacks PyPI, using Python to Bun cross-runtime chain to steal credentials
By: rootdata|2026/06/12 21:43:52
0
Share
According to Slow Fog's disclosure, a new variant of Shai-Hulud Hades has been found attacking PyPI. The malicious package drops a .pth file that executes automatically when Python starts, and checks if Bun is installed locally; if not installed, it downloads the official Bun binary from GitHub Releases, and then executes a multi-layer obfuscated JavaScript payload to steal credentials from GitHub, npm, AWS, and cloud services.
Slow Fog stated that this variant uses the same RSA public key and infrastructure as previous Shai-Hulud attacks, and has capabilities such as encrypted exfiltration, persistence, CI/CD injection, and GitHub Actions injection.
You may also like
How TradeXYZ, xStocks, and Alpaca break down the SpaceX IPO into three different strategies
The value of tokenized products ultimately depends on whether the underlying structure is sound, rather than just the price displayed on the interface.
Why Is BlackRock Investing $5 Billion in the SpaceX IPO?
What is driving the massive demand for the SpaceX IPO, and why did BlackRock place a $5 billion order? Learn how the historic listing could impact SpaceX stock, Bitcoin, SPCX, and crypto markets.
Cryptocurrency market makers collectively seek change as it becomes increasingly difficult to make money
There is more and more to do.
a16z Crypto Partner: Cash flow is the moat
Most companies spend years creating network effects on traditional infrastructure. Crypto founders inherit them as starting conditions.
Citibank releases "2030 Asset Tokenization Market Outlook": 6 major trends may create a $8.2 trillion market
The tokenization of financial assets is moving from pilot projects to large-scale implementation, but this is a gradual evolution rather than a fierce revolution.
The trillion-dollar valuation test: Are the three major super IPOs a celebration for tech stocks or a nightmare for the crypto market?
Tech giants like SpaceX and OpenAI have sparked a $35 trillion super IPO wave. The "suction effect" is not enough to crash the stock and crypto markets, but the test of high valuations is just beginning.
Morning Report | Digital Asset completes $355 million financing led by a16z Crypto; Meta completes operational separation from Manus
Overview of Important Market Events on June 11
Morning News | CME Group launches Nasdaq Cryptocurrency Index futures; Asset management giant Janus Henderson strategically invests in Ethena
Overview of Important Market Events on June 10
Bitcoin Layer 2 Network Botanix: Why Did We Choose to Dissolve?
The Bitcoin L2 star project Botanix announced a gradual shutdown, with the team admitting to facing severe challenges from the failure of its business model and the prevailing trends. Users are urged to withdraw all assets before July 9, 2026.
Why did Oracle deliver the strongest financial report in history, yet its stock price fell?
Oracle's revenue for fiscal year 2026 set a record, with AI cloud orders soaring to $638 billion, but massive capital expenditures on computing power led to negative free cash flow, causing a 5% drop in after-hours stock prices.
When the P2P illicit funds from ten years ago turned into 60,000 bitcoins
The largest Bitcoin money laundering case in the UK has new developments: 16,000 Chinese victims are pursuing 61,000 seized Bitcoins across borders, and the dispute over the applicability of UK and Chinese laws will directly determine whether the victims can share in the soaring profits.
Dialogue with OmenX Founder: Why does the prediction market need an evolution from "spot" to "derivatives"?
How to reconstruct the prediction market using leverage?
Galaxy in-depth report: Is Solana still worth paying attention to?
Solana did not fall behind during the bear market. Trading enthusiasm has waned, but the network is more stable, RWA and stablecoins are expanding, and the capital foundation is much thicker than in the previous cycle. The real question is: when the speculative tide recedes, can perpetuals, predicti...
Young people in South Korea make a "final effort" in the epic bull market
The South Koreans' average of two accounts for wildly gambling in the chip bull market reflects the survival anxiety and harsh reality of countless young people trying to break through class barriers behind the nationwide stock trading frenzy for wealth.
The pricing controversy of Trade.xyz exposes the fatal weakness of Pre-IPO perpetual contracts
SpaceX's equity update has sparked controversy over on-chain liquidations. Trade.xyz refuses to reset the SPCX pricing, and the lack of a Rebase mechanism in Perp DEX has led to a significant trust test for on-chain Pre-IPO assets.
How much longer can Ethereum's last big buyer hold on?
According to Bitmine's current buying pace, the 5% target is expected to be reached next month, and at that time, there may be no further increases in holdings. So, who will fill the buying gap for Ethereum?
World Cup 2026 Coming – WEEX Celebrates with $1M Prize Pool & Michael Owen Live
The 2026 FIFA World Cup is hours away. WEEX unveils the “World Cup x Dice Rush” campaign with a 1,000,000 USDT prize pool. Plus, Michael Owen reunites with WEEX COO for an exclusive pre-match livestream. Join now!
Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing
Overview of Important Market Events on June 9th
How TradeXYZ, xStocks, and Alpaca break down the SpaceX IPO into three different strategies
The value of tokenized products ultimately depends on whether the underlying structure is sound, rather than just the price displayed on the interface.
Why Is BlackRock Investing $5 Billion in the SpaceX IPO?
What is driving the massive demand for the SpaceX IPO, and why did BlackRock place a $5 billion order? Learn how the historic listing could impact SpaceX stock, Bitcoin, SPCX, and crypto markets.
Cryptocurrency market makers collectively seek change as it becomes increasingly difficult to make money
There is more and more to do.
a16z Crypto Partner: Cash flow is the moat
Most companies spend years creating network effects on traditional infrastructure. Crypto founders inherit them as starting conditions.
Citibank releases "2030 Asset Tokenization Market Outlook": 6 major trends may create a $8.2 trillion market
The tokenization of financial assets is moving from pilot projects to large-scale implementation, but this is a gradual evolution rather than a fierce revolution.
The trillion-dollar valuation test: Are the three major super IPOs a celebration for tech stocks or a nightmare for the crypto market?
Tech giants like SpaceX and OpenAI have sparked a $35 trillion super IPO wave. The "suction effect" is not enough to crash the stock and crypto markets, but the test of high valuations is just beginning.
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
