New Shai-Hulud Attack Compromises 23 PyPI Packages to Target MCP Developers
ID: f35a3891-5b46-56c5-bb81-99127e1ccd0a
STIX ID: report--f35a3891-5b46-56c5-bb81-99127e1ccd0a
Feed Name: cybersecurityNews.com
Socket Threat Research identifies a new wave of the Shai-Hulud supply-chain campaign that adds 23 malicious PyPI package-version artifacts to an operation spanning 471 npm and PyPI artifacts in total. The malware uses three delivery branches (.pth startup hooks, native .abi3.so imports, and a langchain-core-mcp split-stager) to execute an obfuscated JavaScript stealer that harvests developer tokens, cloud credentials, SSH keys, and other secrets. The report lists the 23 compromised PyPI packages and versions as IOCs and describes the attackers' techniques and evasion approaches.
