Perceptive Security
SOC/SIEM Consultancy

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
Published:
30 April 2026 at 16:31:00
Alert date:
30 April 2026 at 18:02:46
Source:
thehackernews.com
Supply Chain & Dependencies, Ransomware & Malware, Data Breach & Exfiltration
Threat actors compromised the popular Python package PyTorch Lightning in a supply chain attack targeting PyPI. Two malicious versions (2.6.2 and 2.6.3) were published on April 30, 2026, designed to steal credentials from users who installed these compromised packages. The attack was discovered by multiple security firms including Aikido Security, Socket, and StepSecurity. This represents another significant software supply chain compromise targeting the Python ecosystem and developer credentials.
Technical details
The malicious package includes a hidden _runtime directory containing a downloader and an obfuscated JavaScript payload. The attack chain starts with a Python script (start.py) that downloads and executes the Bun JavaScript runtime, which then runs an 11MB obfuscated malicious payload (router_runtime.js) to carry out the credential theft. Harvested GitHub tokens are validated against the api.github.com/user endpoint and then used to inject a worm-like payload into up to 50 branches. The malware also propagates through npm by modifying local npm packages with postinstall hooks, incrementing their patch version numbers, and repacking the .tgz tarballs.
Mitigation steps:
Block Lightning versions 2.6.2 and 2.6.3, remove them from developer systems where already installed, downgrade to the last known clean version 2.6.1, and rotate any credentials exposed in affected environments.
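The following is an added example, not code from the advisory or from the Lightning project: a defender-side sweep in Python that applies the indicators named above (the two malicious versions, a hidden _runtime directory holding start.py and router_runtime.js, and postinstall hooks in local package.json files). The fixture tree it builds and the hook command `node ./hook.js` are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Indicators from the advisory: the pulled releases and the dropper files inside the hidden _runtime dir
MALICIOUS_LIGHTNING_VERSIONS = {"2.6.2", "2.6.3"}
RUNTIME_FILES = ("start.py", "router_runtime.js")

def is_compromised_version(version: str) -> bool:
    """True when an installed lightning version is one of the two malicious releases."""
    return version.strip() in MALICIOUS_LIGHTNING_VERSIONS

def find_runtime_dropper(site_packages: Path) -> list[str]:
    """Names of installed packages that ship a _runtime directory containing both dropper files."""
    hits = []
    for runtime_dir in site_packages.glob("*/_runtime"):
        if all((runtime_dir / f).is_file() for f in RUNTIME_FILES):
            hits.append(runtime_dir.parent.name)
    return sorted(hits)

def find_postinstall_hooks(node_modules: Path) -> dict[str, str]:
    """Map npm package name -> postinstall command for every local package.json that declares one."""
    hooks = {}
    for pkg_json in node_modules.glob("*/package.json"):
        try:
            scripts = json.loads(pkg_json.read_text()).get("scripts") or {}
        except (ValueError, OSError):
            continue  # unreadable or malformed manifest: skip it rather than abort the sweep
        if "postinstall" in scripts:
            hooks[pkg_json.parent.name] = scripts["postinstall"]
    return hooks

def build_constructed_sample(root: Path) -> tuple[Path, Path]:
    """Constructed fixture (placeholder files, not real malware): one tainted Python package, one tampered and one clean npm package."""
    runtime = root / "site-packages" / "lightning" / "_runtime"
    runtime.mkdir(parents=True)
    for name in RUNTIME_FILES:
        (runtime / name).write_text("# constructed placeholder\n")
    for pkg, scripts in (("tampered", {"postinstall": "node ./hook.js"}), ("clean", {})):
        (root / "node_modules" / pkg).mkdir(parents=True)
        manifest = {"name": pkg, "version": "1.0.1", "scripts": scripts}
        (root / "node_modules" / pkg / "package.json").write_text(json.dumps(manifest))
    return root / "site-packages", root / "node_modules"

def demo() -> tuple[list[str], dict[str, str]]:
    """Build the fixture in a temporary directory and return what the two sweeps find."""
    with tempfile.TemporaryDirectory() as tmp:
        sp, nm = build_constructed_sample(Path(tmp))
        return find_runtime_dropper(sp), find_postinstall_hooks(nm)
```

On a real host, point find_runtime_dropper at each interpreter's site-packages directory and find_postinstall_hooks at every node_modules tree, and treat any hit as a signal to rotate the credentials that environment could reach.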
Affected products:
PyTorch Lightning versions 2.6.2 and 2.6.3
intercom-client version 7.0.4
SAP-related npm packages
Related links:
https://pypi.org/project/lightning/
https://www.aikido.dev/blog/pytorch-lightning-pypi-compromise-mini-shai-hulud
https://www.ox.security/blog/lightning-python-package-shai-hulud-supply-chain-attack/
https://socket.dev/blog/lightning-pypi-package-compromised
https://www.stepsecurity.io/blog/lightning-obfuscated-javascript-credential-stealer-bundled-in-pypi-wheel
https://socket.dev/supply-chain-attacks/mini-shai-hulud
https://github.com/Lightning-AI/pytorch-lightning
https://github.com/Lightning-AI/pytorch-lightning/issues/21691
https://github.com/Lightning-AI/pytorch-lightning/security/advisories/GHSA-w37p-236h-pfx3
https://github.com/intercom/intercom-node
https://socket.dev/blog/intercom-s-npm-package-compromised-in-supply-chain-attack
Related CVEs:
Related threat actors:
IOCs:
_runtime directory, start.py, router_runtime.js, api.github.com/user endpoint, postinstall hook modifications in package.json, hardcoded identity impersonating Anthropic's Claude Code
This article was created with the assistance of AI technology by Perceptive.
