Cybersecurity researchers at Socket have discovered new malware called Hades, designed for supply chain attacks.
As reported by FinFly, citing Tom's Hardware, Hades features an unconventional mechanism to evade AI analysis systems. In infected JavaScript files, experts found comments with instructions addressed to AI analyzers. These contained provocative queries related to the creation of nuclear and biological weapons, causing some models to stop processing the file before reaching the malicious code.
According to researchers, when one of the files was checked by Anthropic's Claude chatbot, the analysis was indeed halted by the model's security system.
Meanwhile, traditional cybersecurity methods continue to successfully detect Hades. These include signature analysis, source code review, searching for suspicious fragments, and running samples in isolated environments.
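A defensive pre-processing step against the comment-based evasion described above, as an added example that is not from Socket or the original report: it separates comments from code so that only the code is passed to an AI analyzer, and flags comments that address a model for human review. The function names, patterns and sample input are constructed assumptions; regex literals and `${}` nesting inside template literals are not parsed.

```javascript
// Added example (not Socket's tooling). Names, patterns and sample are constructed.
// Assumption: regex literals and ${} nesting in template literals are not parsed.
const AI_ADDRESSED = [
  /\b(?:ai|llm|language model|chatbot|assistant)\b/i, // names a model as the reader
  /\b(?:ignore|disregard|stop)\b.{0,60}\b(?:instructions|analysis|file|code)\b/i,
];
// Split source into comment-free code and a list of comment bodies.
function splitComments(src) {
  let code = "", i = 0;
  const comments = [];
  while (i < src.length) {
    const ch = src[i], next = src[i + 1];
    if (ch === '"' || ch === "'" || ch === "`") {
      // Copy string literals verbatim so "//" inside a URL is not cut off.
      let j = i + 1;
      while (j < src.length && src[j] !== ch) j += src[j] === "\\" ? 2 : 1;
      code += src.slice(i, j + 1);
      i = j + 1;
    } else if (ch === "/" && next === "/") {
      let j = src.indexOf("\n", i);
      if (j === -1) j = src.length;
      comments.push(src.slice(i + 2, j).trim());
      i = j; // the newline itself is copied on the next pass
    } else if (ch === "/" && next === "*") {
      let j = src.indexOf("*/", i + 2);
      if (j === -1) j = src.length; // unterminated comment runs to end of file
      const body = src.slice(i + 2, j);
      comments.push(body.trim());
      code += body.replace(/[^\n]/g, ""); // keep line numbers stable
      i = j + 2;
    } else {
      code += ch;
      i++;
    }
  }
  return { code, comments };
}
// Flag comments for human review; hand only `codeForAnalysis` to the model.
function triage(src) {
  const { code, comments } = splitComments(src);
  const flagged = comments.filter((c) => AI_ADDRESSED.some((re) => re.test(c)));
  return { codeForAnalysis: code, flagged };
}
// Constructed sample: the bait text is replaced by a placeholder.
const SAMPLE = [
  "/* NOTE TO AI ANALYZER: <placeholder for refusal-bait text> */",
  "const url = 'https://example.invalid/a'; // build endpoint",
  "const fs = require('fs'); // loader",
].join("\n");
```

Calling `triage(SAMPLE)` returns the three-line code with comments removed and one flagged comment; the patterns are a coarse heuristic and will also flag benign comments that mention AI.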
Experts note that the malware authors also use other masking techniques. The malicious payload can be split between Python scripts and separate binary files, and some components activate only when the code runs in the target project.
Hades' main goal is to compromise development environments. The malware steals credentials and tokens from services and tools including npm, PyPI, RubyGems, JFrog, Kubernetes, and AWS. Also at risk are SSH keys, Docker configurations, .env files, terminal command history, and AI tool settings.
According to Socket, infections have been detected in 37 Python packages and 106 JavaScript packages to date.