Unit 42 Threat Intelligence • 3w
Hades Malware Campaign: AI-Driven Evasion in PyPI, npm, and RubyGems
The Hades campaign is a cross-registry supply chain attack targeting PyPI, npm, and RubyGems via the leaked Miasma toolkit. Attackers deploy malicious wheel artifacts and setup.pth files to exfiltrate CI/CD credentials and environment variables. The campaign utilizes an "AI Safety-Evasion Paradox," injecting terminology related to biological and nuclear weaponry into the codebase. This triggers safety guardrails in AI-based security scanners, forcing the models to terminate analysis to avoid policy violations, thereby creating a blind spot that allows the malicious payload to bypass detection. Impact includes 19 poisoned PyPI packages and approximately 304 affected software components across 73 GitHub repositories.
Links:Unit 42 Threat Intelligence, Threatlocker, Panther, Brside, Strongestlayer, Cofense, Stepsecurity, feeds.feedburner.com, Thehackernews, techjacksolutions.com, tomshardware.com, Fugumt, Getaibook, Infoworld, Cybersecuritydive, Cltc, Reuters, Iafrica, Trmlabs, Fortinet, Boozallen, Techradar, arXiv (Computer Science - Cryptography and Security), Fidelity, Markets, Darktrace, Infosecurity-magazine, Briefglance, Papers, bleepingcomputer.com, Cybersecurityintelligence, Pwc, Uscsinstitute, Jdsupra, Pymnts, Cybelangel, Blog, Security Affairs, Flare, Fortiguard, Centripetal •