Hades
Hades is ransomware associated in public reporting with Evil Corp and Indrik Spider activity, including intrusions tracked as UNC2165.
Profile source: Ransomware.live opens in a new tabHades
Family profile
Hades is ransomware associated in public reporting with Evil Corp and Indrik Spider activity, including intrusions tracked as UNC2165. This profile excludes the unrelated software supply-chain malware that also uses the Hades name.
Ransomware.live
Operational record
Reporting
Research mentioning Hades
New hack exploits AI hallucinations to trick agents into running malicious code - 'HalluSquatting' attack exploits a fundamental weakness in every available model | Tom's Hardware
You may like AI coding agents can be tricked into installing malware via 'clean' GitHub repositories ... Hades malware campaign tricks AI scanners with fake nuclear weapon prompts
Червь Miasma атаковал LeoPlatform и пакеты RStreams - Хакер
В конце прошлой недели исследователи обнаружили новую волну атак малвари семейства Shai-Hulud, Miasma и Hades.
AI coding agents can be tricked into installing malware via 'clean' GitHub repositories - Mozilla's 0din team shows how Claude Code can be exploited by its own helpfulness | Tom's Hardware
You may like Hades malware campaign tricks AI scanners with fake nuclear weapon prompts
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
According to Endor Labs and OX Security, the malware also polls GitHub every hour for commits matching the string "firedalazer" to retrieve and execute the Hades variant of the malware.
Miasma Malware Uses binding.gyp and Bun to Execute Hidden Payloads in npm Packages
Researchers at Socket.dev said... this campaign is part of a broader threat cluster also connected to related malware families called Mini Shai-Hulud and Hades.
macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst - Security Affairs
Similar prompt-injection techniques have been seen before, including Windows PoCs documented by Check Point in 2025 and supply-chain payloads like Hades and Shai-Hulud, which used simpler single-block injections rather than this more complex multi-message setup.
Shai-Hulud Payload Steals GitHub, npm, Cloud, CI/CD, and SSH Credentials From Developers
The threat, known as the Shai-Hulud payload carrying the Hades malware family, has now expanded its reach to the Leo/RStreams ecosystem...
NPM Package Tests AI Malware Scanner Evasion Techniques
Earlier campaigns used packages named Mini Shai-Hulud, Miasma, and Hades. Those malicious packages embedded fake prompt-injection headers. They placed these headers before obfuscated JavaScript payloads.