Hades Campaign: AI-Bypassing Malware Targets Python Devs

Researchers have uncovered a sophisticated supply-chain attack called the Hades Campaign. This malware hides in Python packages and spreads like a worm. What's interesting is it tricks AI-based code analysis systems into overlooking malicious content. The Hades Campaign targets Python developer environments and runs as soon as infected packages are imported. It uses the Bun toolkit to silently execute multi-layer payloads. These payloads can extract sensitive data, move across systems, and even hijack AI gatekeeper analyzer systems using adversarial prompt injection. The campaign has exploited the popular C++ library ensmallen, along with packages in computational biology and bioinformatics. Researchers at StepSecurity discovered this campaign, describing it as an evolution of the Miasma threat actor. Hades uses similar credential harvesting methods, self-replicating worm logic, and GitHub-based data exfiltration patterns. The bottom line is this malware combines advanced tactics, including memory-focused attacks and methods to bypass AI analysis, making it a significant threat to software supply chains.