PYSEC-2026-234
Malicious code in phenopacket-store-toolkit (PyPI)
Details
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of phenopacket-store-toolkit were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload (via the Bun runtime) on import that harvests and exfiltrates credentials and attempts self-propagation. This entry is a summary; behavior may not be fully characterized here. See the linked references for detailed analysis and indicators of compromise.
Affected packages
PyPI / phenopacket-store-toolkit
No fixed version published yet for phenopacket-store-toolkit (pip). Pin to a known-safe version or switch to an alternative.
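To act on this advisory, a defender mostly wants to know which version of phenopacket-store-toolkit is installed and whether the install carries the JavaScript payload file named in the evidence link (ppktstore/_index.js). The following audit script is an added example, not code from the advisory or from the project: it reads each `.dist-info` in a site-packages tree, matches the package name (PEP 503 normalized), and flags any `.js` entry in the wheel's RECORD, since a pure-Python package shipping JavaScript is the indicator to investigate. The sample tree it builds is constructed; `0.1.7` and `ppktstore/_index.js` are taken from the evidence URL, the hashes are placeholders.

```python
"""Audit a site-packages tree for the phenopacket-store-toolkit advisory.
Added example (not the advisory's or project's code). Reports installed version
and any bundled .js files, the payload carrier named in the evidence link."""
import re
import tempfile
from pathlib import Path

AFFECTED_PACKAGE = "phenopacket-store-toolkit"


def normalize(name: str) -> str:
    """PEP 503 normalization so 'phenopacket_store_toolkit' matches as well."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_site_packages(site_dir: Path) -> list[dict]:
    """Return one finding per installed distribution matching AFFECTED_PACKAGE.
    Each finding carries the version from METADATA and every .js path listed in
    RECORD; a pure-Python package shipping JavaScript is flagged suspicious."""
    findings = []
    for dist_info in site_dir.glob("*.dist-info"):
        meta = (dist_info / "METADATA").read_text(encoding="utf-8", errors="replace")
        name = re.search(r"^Name:\s*(.+)$", meta, re.M)
        version = re.search(r"^Version:\s*(.+)$", meta, re.M)
        if not name or normalize(name.group(1)) != normalize(AFFECTED_PACKAGE):
            continue
        record = dist_info / "RECORD"
        js_files = []
        if record.exists():
            for line in record.read_text(encoding="utf-8").splitlines():
                path = line.split(",", 1)[0]  # RECORD rows: path,hash,size
                if path.lower().endswith(".js"):
                    js_files.append(path)
        findings.append({
            "name": name.group(1).strip(),
            "version": version.group(1).strip() if version else "unknown",
            "js_files": js_files,
            "suspicious": bool(js_files),
        })
    return findings


def build_sample_site_packages() -> Path:
    """Constructed sample mimicking an install of the compromised wheel; the
    version and _index.js path come from the advisory, hashes are placeholders."""
    root = Path(tempfile.mkdtemp())
    dist = root / "phenopacket_store_toolkit-0.1.7.dist-info"
    dist.mkdir()
    (dist / "METADATA").write_text("Name: phenopacket-store-toolkit\nVersion: 0.1.7\n")
    (dist / "RECORD").write_text("ppktstore/__init__.py,sha256=PLACEHOLDER,10\nppktstore/_index.js,sha256=PLACEHOLDER,9999\n")
    return root
```

Point `audit_site_packages` at a real environment's site-packages directory (for example `Path(sysconfig.get_paths()["purelib"])`) to check an actual install; a finding with `suspicious` set warrants removing the package and rotating any credentials the host had access to.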
References
- https://inspector.pypi.io/project/phenopacket-store-toolkit/0.1.7/packages/93/77/84c5272838151db8cb610858293c2a98192736933ae68fcb50275e04ad5f/phenopacket_store_toolkit-0.1.7-py3-none-any.whl/ppktstore/_index.js [EVIDENCE]
- https://www.endorlabs.com/learn/shai-hulud-hades-wave-hits-six-pypi-bioinformatics-packages [ARTICLE]
- https://www.stepsecurity.io/blog/the-hades-campaign-pypi-packages [ARTICLE]