GMS-2026-576: Embedded Malicious Code (Shai-Hulud)
This package was identified by GitLab’s Vulnerability Research team as part of a coordinated Shai-Hulud copycat supply chain attack on PyPI on June 7, 2026. The package mflux-streamlit was weaponized by someone with maintainer access to include malicious code alongside previously clean releases.
Versions 0.0.3 and 0.0.4 contain a .pth file that auto-executes on Python startup, downloads the Bun JavaScript runtime, and runs an obfuscated credential stealer targeting GitHub, AWS, Azure, GCP, HashiCorp Vault, NPM, PyPI, RubyGems, SSH keys, Kubernetes, and Sigstore.
The worm self-propagates by pushing malicious commits to accessible GitHub repositories and publishing poisoned packages to other registries. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.
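The advisory above says the malicious versions gain execution through a `.pth` file in site-packages. Python's `site` module executes any line of a `.pth` file that starts with `import ` (or `import` followed by a tab) on every interpreter start, which is why a dropped `.pth` works as a persistent loader. The following triage script is an added example, not code from GitLab or from the mflux-streamlit project: it lists every executable `.pth` line in the site directories, flags lines carrying loader-like tokens (the token list and the known-benign filenames are assumptions, not indicators from the advisory), and checks whether an affected version of the named package is installed. The sample `.pth` files it builds are constructed for demonstration.

```python
"""Triage executable .pth lines in Python site directories (added example).

site.py exec()s any .pth line beginning with "import " or "import\t"
(Lib/site.py, addpackage()). Legitimate tooling uses this hook rarely, so
every such line is worth a look after a supply-chain incident.
"""
import os
import site
import tempfile
from importlib.metadata import PackageNotFoundError, version

# Heuristic loader indicators (assumed for this example, not from the advisory).
SUSPICIOUS_TOKENS = ("exec(", "eval(", "compile(", "base64", "zlib",
                     "subprocess", "urllib", "requests", "socket", "os.system")

# Filenames that commonly carry executable .pth lines for benign reasons.
KNOWN_BENIGN = {"distutils-precedence.pth", "_virtualenv.pth"}

# Package and versions named in the advisory.
AFFECTED_PACKAGE = "mflux-streamlit"
AFFECTED_VERSIONS = {"0.0.3", "0.0.4"}


def executable_pth_lines(pth_path):
    """Return (lineno, line) pairs that site.py would exec() from this .pth file."""
    found = []
    with open(pth_path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.startswith(("import ", "import\t")):
                found.append((lineno, line.rstrip("\n")))
    return found


def scan_pth_dir(directory):
    """Scan one site directory; return a finding dict per executable .pth line."""
    findings = []
    if not os.path.isdir(directory):
        return findings
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".pth"):
            continue
        path = os.path.join(directory, name)
        for lineno, code in executable_pth_lines(path):
            benign = name in KNOWN_BENIGN
            findings.append({
                "file": path,
                "line": lineno,
                "code": code,
                "known_benign": benign,
                "suspicious": (not benign) and any(t in code for t in SUSPICIOUS_TOKENS),
            })
    return findings


def site_dirs():
    """All site-packages directories the running interpreter will consult."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return [d for d in dict.fromkeys(dirs) if d]  # de-duplicate, keep order


def installed_version(dist_name):
    """Installed version of a distribution, or None if it is not installed."""
    try:
        return version(dist_name)
    except PackageNotFoundError:
        return None


def is_affected(dist_name, bad_versions):
    """True if the installed version of dist_name is in the affected set."""
    v = installed_version(dist_name)
    return v is not None and v in bad_versions


def build_sample_site_dir():
    """Constructed sample: one benign-style and one loader-style .pth file."""
    d = tempfile.mkdtemp(prefix="pth_scan_sample_")
    with open(os.path.join(d, "distutils-precedence.pth"), "w") as fh:
        fh.write("# constructed comment line\n")
        fh.write("import os; enabled = os.environ.get('SETUPTOOLS_USE_DISTUTILS', 'local') == 'local'\n")
    with open(os.path.join(d, "constructed-loader.pth"), "w") as fh:
        fh.write("/opt/constructed/site-plugins\n")  # plain path line, not executed
        fh.write("import sys, base64; sys.stdout.write('constructed sample')\n")
    return d


if __name__ == "__main__":
    for d in site_dirs():
        for f in scan_pth_dir(d):
            tag = "SUSPICIOUS" if f["suspicious"] else ("benign" if f["known_benign"] else "review")
            print(f"[{tag}] {f['file']}:{f['line']}: {f['code']}")
    v = installed_version(AFFECTED_PACKAGE)
    print(f"{AFFECTED_PACKAGE}: installed={v} affected={is_affected(AFFECTED_PACKAGE, AFFECTED_VERSIONS)}")
```

Run it with the interpreter whose environment you are triaging (`python3 scan_pth.py`), since `site.getsitepackages()` reports only that interpreter's directories. Any line tagged `review` or `SUSPICIOUS` should be read in full; a loader that fetches a runtime and decodes a payload will stand out against the handful of one-line shims that legitimate tools install. The version check only confirms whether the named package is present; per the advisory, a host that had an affected version installed is treated as compromised regardless of what the scan finds.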