upvote

points

by largbae20 hours ago |
comments
upvoteby jeffmcjunkin20 hours ago|
next
[-]
Confirmed: https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-wor...
reply
upvoteby ofjcihen20 hours ago|
prev|
next
[-]
Some of the latest versions of Shai Hulud do this. Worked a contract recently where they were having AI check packages for obfuscation before admitting them into Artifactory but had vibed up the logic and it failed open.

So in other words this worked because the terms caused the LLM checker to stall out and then the fail open logic resulted in the package being pulled down.

reply
upvoteby reeece19 hours ago|
parent|
[-]
Seems like this?[1] Relevant bits below:

> This header appears designed for AI-mediated analysis, not for Node, Bun, or Python. It attempts to derail scanners or analyst copilots that feed the beginning of a file to a language model without clearly isolating the content as untrusted data. In weak pipelines, this can cause refusal behavior, prompt confusion, context pollution, or premature classification before the scanner reaches the actual malware.

> This is not a magical bypass against static detection. YARA rules, entropy checks, AST parsing, string extraction, deobfuscation, and behavioral rules still work. But it is a practical anti-analysis trick against naive LLM-first triage systems.

Would this affect many systems? You mention someone writing logic that fails open, but can't that be chalked up to just not following good security principles?

[1] - https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-wor...

reply
upvoteby ofjcihen8 hours ago|
parent|
[-]
No it wouldn’t but part of the success of Shai and others like it is that it doesn’t need to.

Additionally the security scanning component of Artifactory, x-Ray is notoriously bad at this.

The developer had good intentions but by his own admission never actually examined the logic for the LLM scanner in depth.

reply
upvoteby CuriouslyC19 hours ago|
prev|
next
[-]
We all need to use nuclear, bio and cybersec terms in all our code to make low quality filtering like this untenable. When you can't work on a resume that has cybersecurity or biology terms in it or reply to a job opening that includes them because the "AI" filtering is so bad that it confuses these for threats, that deserves a collective response, particularly to an IPO'ing company that claims they'll make workers obsolete in two years.
reply
upvoteby mylifeandtimes17 hours ago|
parent|
[-]
That's why I use M-x spook to generate all of my variable names
reply
upvoteby bombcar7 hours ago|
parent|
[-]
You can still find those clipper keyword storms in Usenet archives.
reply
upvoteby himata411320 hours ago|
prev|
next
[-]
I've done this, including the hardcoded refusal strings that already exist in claude code. It won't stop a real attacker, but I still find it really funny when you're trying to use one of the AI tools and it gives you a random refusal and you don't know why, wastes a little bit of time.
reply
upvoteby pixl9720 hours ago|
prev|
next
[-]
If ( yellowcake) then { die }

Our future is loonytoons.

reply
upvoteby 19 hours ago|
prev|
next
[-]
deleted
reply
upvoteby cookiengineer17 hours ago|
prev|
[-]
Yes, the miasma worm does this since the new Hades campaign.

Note that the 3rd wave now also uses a pth file in pypi packages that _search system wide_ for any index.js or .github/setup.js to find its own payload. It literally splits up the payload on purpose to avoid detection.

Mitigation Tool: https://github.com/cookiengineer/antimiasma

Technical Blog Post: https://cookie.engineer/weblog/articles/malware-insights-mia...

reply