The recent detection of a significant malware campaign targeting Python developers highlights vulnerabilities within the PyPI registry. This coordinated supply chain attack involved threat actors compromising multiple open-source packages by injecting malicious code through maintainers' accounts.
Named the 'Hades cluster', this malware exploits a newly found method involving '.pth' files to execute code automatically during Python startup, allowing it to harvest sensitive credentials from widely used platforms such as AWS and Google Cloud. The attack was rapidly identified by Socket's malware detection systems, and the affected artifacts are currently being monitored. The recommended security measures are immediate removal of the infected packages and rotation of any credentials that may have been exposed.
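As an added illustration, not code from the report or from Socket, the scanner below shows the defender's side of the '.pth' trick: the interpreter's site module executes every line of a site-packages '.pth' file that begins with `import`, so the script lists files whose import lines chain extra statements or call functions rarely needed in a path hook. Function names and the two sample files are constructed for the demo.

```python
import os
import re
import site
import tempfile

# Calls that rarely belong in a .pth import line; a match means "review this
# file", not proof of compromise (some legitimate tools use exec/sys hooks).
SUSPICIOUS = re.compile(
    r"exec\(|eval\(|compile\(|__import__|base64|subprocess|socket|"
    r"urllib|requests|os\.environ|marshal|zlib", re.IGNORECASE)


def classify_line(line):
    """Return a review reason for one .pth line, or None if it looks benign."""
    # site.py executes only lines starting with 'import ' or 'import\t';
    # '#' lines are comments and anything else is a directory for sys.path.
    if not line.startswith(("import ", "import\t")):
        return None
    if ";" in line:
        return "statements chained after import"
    if SUSPICIOUS.search(line):
        return "suspicious call in import line"
    return None


def scan_pth_file(path):
    """Return (line_no, line, reason) for each line of a .pth file worth a look."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for n, raw in enumerate(fh, 1):
            reason = classify_line(raw.rstrip("\n"))
            if reason:
                findings.append((n, raw.rstrip("\n"), reason))
    return findings


def scan_site_dirs(dirs=None):
    """Scan all .pth files in the given dirs (default: active site-packages)."""
    if dirs is None:
        dirs = site.getsitepackages() + [site.getusersitepackages()]
    report = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            full = os.path.join(d, name)
            if name.endswith(".pth") and scan_pth_file(full):
                report[full] = scan_pth_file(full)
    return report


def demo():
    """Constructed sample: a benign editable-install .pth beside a hooked one."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "editable-pkg.pth"), "w") as fh:
        fh.write("/home/dev/src/mypkg\n")  # plain path line, harmless
    with open(os.path.join(tmp, "aaa-hook.pth"), "w") as fh:
        fh.write("import sys; exec('pass')\n")  # constructed, inert
    return scan_site_dirs([tmp])
```

Running `scan_site_dirs()` with no arguments checks the interpreter's real site-packages directories; an empty result means no import line matched the heuristics, not that the environment is clean.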