VDB
GCVE-110-OSM-2026-5456
GCVE-110-OSM-2026-5456
Advisory PublishedCVSS 9.6/10
Malicious PyPI release of 'cmd2func' published as part of the Miasma/Hades worm campaign (a 'Mini Shai-Hulud' lineage). Trojanized via maintainer account takeover, it executes at install/startup time through a malicious '*-setup.pth' import hook that stages a Bun runtime and runs an obfuscated _index.js infostealer harvesting developer and CI/CD secrets (GitHub, npm, PyPI, AWS, GCP, Azure, Kubernetes, Vault, SSH, Docker, Claude/MCP), then exfiltrates worm-style via attacker-created public GitHub repos.
Miasma/Hades worm campaign — PyPI wave (Socket Research, 2026-06-07).
=== EXECUTION: .pth startup hook ===
Malicious file: *-setup.pth (SHA256 c539766062555d47716f8432e73adbe3a0c0c954a0b6c4005017a668975e275c, identical across all artifacts)
Behavior: Python .pth import hook runs at interpreter startup; stages Bun runtime (bun-v1.3.13 from oven-sh/bun/releases/download) into /tmp/b.zip -> /tmp/b/bun. Sentinels /tmp/.bun_ran and %TEMP%\.bun_ran prevent re-run.
=== PAYLOAD: obfuscated JS infostealer ===
File: _index.js (two variants)
- SHA256 dc48b09b2a5954f7ff79ab8a2fd80202bd3b59c08c7cdbc6025aa923cb4c0efe (4.8 MB, 17 packages)
- SHA256 e1342a80d4b5e83d2c7c22e1e0aaa95f2d88e3dbf0d853a4994b180c93a4b17d (4.7 MB, 2 packages)
Obfuscation: char-code arrays + ROT substitution -> AES-256-GCM (PBKDF2/SHA256) + gzip.
Steals: GitHub, npm, PyPI, AWS, GCP, Azure, Kubernetes, Vault, SSH, Docker, Claude/MCP secrets.
=== C2 / EXFIL ===
Camouflage URL: https://api.anthropic.com/v1/api (port 443) — LEGITIMATE Anthropic domain abused for network-log camouflage; /v1/api is non-existent. No indication Anthropic was compromised.
Exfil: creates public GitHub repos via POST /user/repos (repo description "Hades - The End for the Damned"; commit marker "IfYouYankThisTokenItWillNukeTheComputerOfTheOwnerFully"); GitHub Actions artifact upload (name "format-results", path results/results-*.json, workflow "Run Copilot").
=== PERSISTENCE ===
~/.config/gh-token-monitor/, ~/.local/bin/gh-token-monitor.sh, systemd user service gh-token-monitor.service, macOS LaunchAgent com.github.token-monitor.plist, ~/.local/share/updater/update.py, .claude/setup.mjs, .github/workflows/codeql.yml
=== EVASION ===
Russian locale checks, StepSecurity/harden-runner detection, decoy-token filtering.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | cmd2func | all (affected) | — |
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.