VDB

GCVE-110-OSM-2026-5738

GCVE-110-OSM-2026-5738
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 8, 2026
The PyPI package nhmpy is part of the Hades Campaign, attributed to the Miasma threat actor. Malicious versions (2.4.7) inject a Python import hook that downloads the Bun JavaScript runtime and executes an AES-256-GCM encrypted multi-stage payload targeting Graph ML and scientific computing workflows. The payload performs cross-platform memory scraping of GitHub Actions runner processes to steal CI/CD secrets, SSH keys, and credentials, exfiltrating them to attacker-controlled GitHub repositories. === STAGE 1: Import Hook Injection === Malicious payload found in: package __init__.py or setup.py Behavior: Injects a Python import hook that triggers on package import, downloads Bun JS runtime from GitHub Anti-recursion: Creates /tmp/tmp.0144018410.lock singleton; execution flag: /tmp/.bun_ran === STAGE 2: Encrypted JavaScript Payload (16 modules) === Encryption: AES-256-GCM C2 mechanism: GitHub commit messages and search API C2 keywords: DontRevokeOrItGoesBoom (token dead-drop), TheBeautifulSnadsOfTime (JS updates), firedalazer (Python dropper) Exfil repo naming patterns: stygian-cerberus-[0-9]+ and tartarean-charon-[0-9]+ === STAGE 3: Cross-Platform Memory Scraping === Linux: /proc/{pid}/mem direct memory access macOS: Mach kernel VM APIs via ctypes Windows: PowerShell C# dynamic compilation using Win32 APIs Target: GitHub Actions runner process memory (plaintext secrets) === STAGE 4: Persistence === Linux: ~/.config/systemd/user/update-monitor.service and gh-token-monitor.service macOS: ~/Library/LaunchAgents/com.user.update-monitor.plist and com.user.gh-token-monitor.plist C2 daemon: ~/.local/share/updater/update.py; C2 state: /var/tmp/.gh_update_state === STAGE 5: Wiper Deterrent === Script: ~/.local/bin/gh-token-monitor.sh Token storage: ~/.config/gh-token-monitor/token Behavior: Monitors stolen token validity; triggers destructive deletion if token is revoked === STAGE 6: AI Assistant Backdoors === Files: .cursorrules, .windsurfrules, .cursor/rules/, .github/copilot-instructions.md, .aider.conf.yml Technique: LLM prompt injection to deceive automated AI security analysis tools === STAGE 7: Lateral Movement === SSH key harvesting and GitHub Actions workflow injection (push and deployment triggers) OIDC token abuse for publishing compromised packages with forged SLSA provenance

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownnhmpyall (affected)

References

vendor

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›