Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels
ID: 58f8b23e-6570-5139-8a95-8adc3df48a9e
STIX ID: report--58f8b23e-6570-5139-8a95-8adc3df48a9e
Feed Name: Socket Blog
**Executive Summary:** Socket Threat Research documents a fast-moving supply-chain campaign (Mini Shai-Hulud / Miasma / Hades) that added 23 new malicious PyPI artifacts to a broader set of 471 affected npm/PyPI artifacts; the campaign uses varied delivery techniques (.pth startup hooks, trojanized .abi3.so native extensions, and staged loader/payload designs) to run an obfuscated JavaScript stealer via Bun and harvest high-value secrets from developer workstations and CI/CD environments.
