Hades Malware Hits 143 Packages, Uses Prompt Injection to Evade AI Scans
2 articles · Updated · Tom's Hardware · Jun 12
Summary
143 packages—37 Python and 106 JavaScript—are tied to an upgraded Hades supply-chain campaign that now hides malicious code behind prompt-injection comments designed to derail AI-based file checks.
Those comments trigger safety guardrails by asking for banned biological or nuclear weapon instructions, causing some AI tools to stop before scanning the payload; a reported Anthropic Fable test returned a "Chat paused" message.
Hades also deepened its evasion by splitting loaders and payloads across commonly paired packages, relying more on precompiled binaries, delaying execution until import time, and wiping itself when it detects sandbox analysis.
The campaign has broadened beyond CI/CD secrets to steal npm, PyPI, RubyGems, JFrog and Kubernetes tokens, plus AWS temporary credentials, SSH keys, Docker configs, shell histories, .env files and AI developer tool settings.
Traditional defenses still work better here—pattern matching, source parsing and sandbox execution—while the campaign's typo-squatted package names underscore ongoing risk for scientific and AI developers pulling dependencies.
Inside the Hades Campaign: How 19 Malicious Packages Threatened the Python Ecosystem via PyPI
Overview
The Hades Campaign is a sophisticated supply chain attack that primarily targeted the Python ecosystem by publishing 19 malicious packages across 37 wheels to PyPI. These packages disguised themselves as legitimate libraries or used typo-squatting to trick developers into installing them, establishing an initial foothold. A key innovation was the abuse of `.pth` startup files, which allowed the malicious code to execute automatically whenever Python started, showing high adaptability across ecosystems. Because of this, attackers could compromise a system even when the infected package itself was never used directly, which marks a significant evolution in software supply chain threats.
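To check an environment for the `.pth` behaviour described above, the following added example (not code from the article or from any vendor it cites) lists every `.pth` line that Python's `site` module would execute at startup. The function names `executable_lines`, `audit` and `demo` are hypothetical, and the files written by `demo` are constructed samples.

```python
"""Audit .pth startup files for lines that Python executes at interpreter start."""
import site
import sys
import tempfile
from pathlib import Path


def executable_lines(pth_file: Path) -> list[tuple[int, str]]:
    """Return (line number, text) for each line site.py would exec() in this file."""
    hits = []
    text = pth_file.read_text(encoding="utf-8", errors="replace")
    for number, line in enumerate(text.splitlines(), start=1):
        # site.py executes any line that starts with "import" plus a space or tab;
        # every other non-comment line is only treated as a path for sys.path.
        if line.startswith(("import ", "import\t")):
            hits.append((number, line.strip()))
    return hits


def audit(directories) -> dict[str, list[tuple[int, str]]]:
    """Map each .pth file that contains executable lines to those lines."""
    findings = {}
    for directory in map(Path, directories):
        if not directory.is_dir():
            continue
        for pth_file in sorted(directory.glob("*.pth")):
            hits = executable_lines(pth_file)
            if hits:
                findings[str(pth_file)] = hits
    return findings


def demo() -> dict[str, list[tuple[int, str]]]:
    """Run the audit over a constructed directory: one path-only file, one with code."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "paths_only.pth").write_text("# constructed sample\n../vendor/lib\n")
        (root / "loader.pth").write_text("../lib\nimport os; os.environ.get('HOME')\n")
        return {Path(name).name: hits for name, hits in audit([root]).items()}


if __name__ == "__main__":
    # Default to this interpreter's site-packages directories when none are given.
    dirs = sys.argv[1:] or site.getsitepackages() + [site.getusersitepackages()]
    for path, hits in audit(dirs).items():
        for number, line in hits:
            print(f"{path}:{number}: {line}")
```

Some legitimate tools also ship `.pth` files with an `import` line, so treat the output as a review list and compare it against the packages you expect to be installed.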