VDB

GCVE-110-OSM-2026-120

GCVE-110-OSM-2026-120
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 7, 2026
Malicious PyPI release of 'magique' published as part of the Miasma/Hades worm campaign (a 'Mini Shai-Hulud' lineage). Trojanized via maintainer account takeover, it executes at install/startup time through a malicious '*-setup.pth' import hook that stages a Bun runtime and runs an obfuscated _index.js infostealer harvesting developer and CI/CD secrets (GitHub, npm, PyPI, AWS, GCP, Azure, Kubernetes, Vault, SSH, Docker, Claude/MCP), then exfiltrates worm-style via attacker-created public GitHub repos. Miasma/Hades worm campaign — PyPI wave (Socket Research, 2026-06-07). === EXECUTION: .pth startup hook === Malicious file: *-setup.pth (SHA256 c539766062555d47716f8432e73adbe3a0c0c954a0b6c4005017a668975e275c, identical across all artifacts) Behavior: Python .pth import hook runs at interpreter startup; stages Bun runtime (bun-v1.3.13 from oven-sh/bun/releases/download) into /tmp/b.zip -> /tmp/b/bun. Sentinels /tmp/.bun_ran and %TEMP%\.bun_ran prevent re-run. === PAYLOAD: obfuscated JS infostealer === File: _index.js (two variants) - SHA256 dc48b09b2a5954f7ff79ab8a2fd80202bd3b59c08c7cdbc6025aa923cb4c0efe (4.8 MB, 17 packages) - SHA256 e1342a80d4b5e83d2c7c22e1e0aaa95f2d88e3dbf0d853a4994b180c93a4b17d (4.7 MB, 2 packages) Obfuscation: char-code arrays + ROT substitution -> AES-256-GCM (PBKDF2/SHA256) + gzip. Steals: GitHub, npm, PyPI, AWS, GCP, Azure, Kubernetes, Vault, SSH, Docker, Claude/MCP secrets. === C2 / EXFIL === Camouflage URL: https://api.anthropic.com/v1/api (port 443) — LEGITIMATE Anthropic domain abused for network-log camouflage; /v1/api is non-existent. No indication Anthropic was compromised. Exfil: creates public GitHub repos via POST /user/repos (repo description "Hades - The End for the Damned"; commit marker "IfYouYankThisTokenItWillNukeTheComputerOfTheOwnerFully"); GitHub Actions artifact upload (name "format-results", path results/results-*.json, workflow "Run Copilot"). === PERSISTENCE === ~/.config/gh-token-monitor/, ~/.local/bin/gh-token-monitor.sh, systemd user service gh-token-monitor.service, macOS LaunchAgent com.github.token-monitor.plist, ~/.local/share/updater/update.py, .claude/setup.mjs, .github/workflows/codeql.yml === EVASION === Russian locale checks, StepSecurity/harden-runner detection, decoy-token filtering.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownpretty-tabulateall (affected), all (affected), all (affected), * (affected)
unknownmagique
unknownanistreamall (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected)
unknownpymnemonic* (affected), * (affected), * (affected), all (affected)
unknown@shennmine/libsignal-node* (affected)

References

advisory
vendor
advisory
vendor
advisory
vendor
advisory
vendor
vendor

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›