
Threat actors have poisoned nineteen Python packages on the Python Package Index with trojanised wheel files that launch automatically and harvest developer credentials.
The malicious wheels contain a .pth file that is executed during Python startup, which in turn runs an obfuscated JavaScript payload designed to siphon environment variables, API keys and tokens from services such as AWS and Google Cloud, as detailed in the Socket blog.
The attack does not require a victim to import the compromised package; the .pth hook runs as soon as the Python environment initialises, allowing the malware to persist and exfiltrate data to attacker-controlled endpoints.
The operation, labelled the Hades cluster, was first spotted by Socket’s malware detection feeds between 7 and 9 June 2026 and later covered by SOCRadar and SecurityOnline.
Defenders should begin by inventorying all Python environments for the nineteen affected packages listed in the Socket advisory, treating any system that has installed those wheels as compromised and rotating every credential stored in CI/CD pipelines, source hosting services and cloud consoles.
Teams should also delete the malicious wheel files, remove any .pth entries from site-packages directories and rebuild images or virtual environments from trusted, clean bases, while monitoring for unexpected outbound connections and performing regular integrity checks on installed packages to catch similar supply-chain attempts.