VDB
GCVE-110-OSM-2026-5738
GCVE-110-OSM-2026-5738
Advisory PublishedCVSS 9.6/10
The PyPI package nhmpy is part of the Hades Campaign, attributed to the Miasma threat actor. Malicious versions (2.4.7) inject a Python import hook that downloads the Bun JavaScript runtime and executes an AES-256-GCM encrypted multi-stage payload targeting Graph ML and scientific computing workflows. The payload performs cross-platform memory scraping of GitHub Actions runner processes to steal CI/CD secrets, SSH keys, and credentials, exfiltrating them to attacker-controlled GitHub repositories.
=== STAGE 1: Import Hook Injection ===
Malicious payload found in: package __init__.py or setup.py
Behavior: Injects a Python import hook that triggers on package import, downloads Bun JS runtime from GitHub
Anti-recursion: Creates /tmp/tmp.0144018410.lock singleton; execution flag: /tmp/.bun_ran
=== STAGE 2: Encrypted JavaScript Payload (16 modules) ===
Encryption: AES-256-GCM
C2 mechanism: GitHub commit messages and search API
C2 keywords: DontRevokeOrItGoesBoom (token dead-drop), TheBeautifulSnadsOfTime (JS updates), firedalazer (Python dropper)
Exfil repo naming patterns: stygian-cerberus-[0-9]+ and tartarean-charon-[0-9]+
=== STAGE 3: Cross-Platform Memory Scraping ===
Linux: /proc/{pid}/mem direct memory access
macOS: Mach kernel VM APIs via ctypes
Windows: PowerShell C# dynamic compilation using Win32 APIs
Target: GitHub Actions runner process memory (plaintext secrets)
=== STAGE 4: Persistence ===
Linux: ~/.config/systemd/user/update-monitor.service and gh-token-monitor.service
macOS: ~/Library/LaunchAgents/com.user.update-monitor.plist and com.user.gh-token-monitor.plist
C2 daemon: ~/.local/share/updater/update.py; C2 state: /var/tmp/.gh_update_state
=== STAGE 5: Wiper Deterrent ===
Script: ~/.local/bin/gh-token-monitor.sh
Token storage: ~/.config/gh-token-monitor/token
Behavior: Monitors stolen token validity; triggers destructive deletion if token is revoked
=== STAGE 6: AI Assistant Backdoors ===
Files: .cursorrules, .windsurfrules, .cursor/rules/, .github/copilot-instructions.md, .aider.conf.yml
Technique: LLM prompt injection to deceive automated AI security analysis tools
=== STAGE 7: Lateral Movement ===
SSH key harvesting and GitHub Actions workflow injection (push and deployment triggers)
OIDC token abuse for publishing compromised packages with forged SLSA provenance
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | nhmpy | all (affected) | — |
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.