
Socket detected a malicious supply chain attack on PyPI package lightning versions 2.6.2 and 2.6.3, which execute credential-stealing malware on import.

Published:

30 April 2026 at 13:36:16

Alert date:

30 April 2026 at 14:01:09

Source:

socket.dev


Supply Chain & Dependencies, Ransomware & Malware, Data Breach & Exfiltration

The popular PyPI package 'lightning' was compromised in a supply chain attack affecting versions 2.6.2 and 2.6.3. Socket detected malicious code that executes credential-stealing malware automatically when the module is imported. The attack includes a hidden _runtime directory with an obfuscated JavaScript payload that steals tokens, authentication material, and cloud secrets. The malware downloads the Bun JavaScript runtime and executes an 11MB obfuscated payload with similarities to the Shai-Hulud attacks. The compromise affects a widely used deep learning framework with hundreds of thousands of daily downloads, making it a high-impact incident for Python AI/ML environments.

Technical details

The malicious lightning package versions 2.6.2 and 2.6.3 contain a hidden _runtime directory with a downloader and an obfuscated JavaScript payload. The attack chain executes automatically when the lightning module is imported, running in a daemon thread with suppressed output. The malicious code includes start.py, which downloads and executes the Bun JavaScript runtime from GitHub, and an 11MB obfuscated router_runtime.js payload. The payload contains 703 references to process and env, 463+ references to tokens and authentication, and 336 references to repositories. It performs credential theft targeting tokens, authentication material, repositories, environment variables, and cloud secrets; commits encoded data to repositories using stolen tokens; and can infect developer npm package tarballs.

Mitigation steps:

Remove lightning versions 2.6.2 and 2.6.3 from affected systems immediately.
Downgrade to the last known clean version, 2.6.1, or wait for maintainer confirmation before upgrading.
Rotate all credentials exposed in affected environments, including GitHub tokens, npm tokens, cloud credentials, and secrets held in environment variables.
Review GitHub repositories for unauthorized commits or suspicious encoded data.
Audit CI/CD logs, developer machines, and build systems where the package may have been imported.
Treat any environment that installed and imported either compromised version as fully compromised.

Affected products:

lightning PyPI package version 2.6.2
lightning PyPI package version 2.6.3

Related links:

Related CVEs:

Related threat actors:

IOCs:

lightning package versions 2.6.2 and 2.6.3
Hidden _runtime directory
start.py file downloading the Bun JavaScript runtime
router_runtime.js - 11MB obfuscated JavaScript payload
703 references to process and env in payload
463+ references to tokens and authentication
336 references to repositories
Automatic execution on module import through a daemon thread
GitHub API abuse for committing encoded data
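The mitigation steps and the IOC list above translate directly into a triage check: find any pinned or installed lightning 2.6.2/2.6.3 and look for the _runtime directory, start.py and router_runtime.js on disk. The script below is an added example written for this page; it is not Socket's tooling or the lightning project's code. It assumes the _runtime directory sits directly inside the installed lightning package directory (the advisory names the directory but not its exact path), and the 1 MB size threshold for JavaScript files is a heuristic chosen here because the reported payload is 11 MB.

```python
"""Triage helper for the compromised lightning releases (added example).

Flags lightning==2.6.2 / 2.6.3 in pip-freeze output or the running
interpreter, and scans a site-packages directory for the on-disk indicators
named in the advisory: a _runtime directory holding start.py and the
router_runtime.js payload.  Assumption: _runtime lives directly under the
installed lightning/ package directory.
"""
import tempfile
from importlib import metadata
from pathlib import Path

COMPROMISED_VERSIONS = {"2.6.2", "2.6.3"}
INDICATOR_FILES = {"start.py", "router_runtime.js"}
# Heuristic: a multi-megabyte .js file inside a Python package is anomalous.
LARGE_JS_BYTES = 1_000_000


def parse_pins(lines):
    """Return (name, version) pairs from pip-freeze style lines ('lightning==2.6.2')."""
    pins = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if "==" not in line:
            continue
        name, version = line.split("==", 1)
        pins.append((name.strip().lower(), version.strip()))
    return pins


def compromised_pins(lines):
    """Pinned lightning versions in the freeze output that match the advisory."""
    return [(n, v) for n, v in parse_pins(lines)
            if n == "lightning" and v in COMPROMISED_VERSIONS]


def installed_lightning_is_compromised():
    """True if the lightning installed in this interpreter is 2.6.2 or 2.6.3."""
    try:
        return metadata.version("lightning") in COMPROMISED_VERSIONS
    except metadata.PackageNotFoundError:
        return False


def scan_site_packages(site_packages):
    """Look under <site_packages>/lightning for the indicators from the advisory."""
    findings = []
    pkg_dir = Path(site_packages) / "lightning"
    if not pkg_dir.is_dir():
        return findings
    runtime_dir = pkg_dir / "_runtime"
    if runtime_dir.is_dir():
        findings.append("hidden _runtime directory present")
        for entry in sorted(runtime_dir.iterdir()):
            if entry.name in INDICATOR_FILES:
                findings.append(f"indicator file: {entry.name}")
    # Independent of file names: any large JavaScript file in the package tree.
    for js in pkg_dir.rglob("*.js"):
        size = js.stat().st_size
        if size >= LARGE_JS_BYTES:
            findings.append(f"large JavaScript file ({size} bytes): {js.name}")
    return findings


def build_constructed_sample():
    """Constructed fake site-packages tree mimicking the reported layout (demo only)."""
    root = Path(tempfile.mkdtemp())
    runtime_dir = root / "lightning" / "_runtime"
    runtime_dir.mkdir(parents=True)
    (root / "lightning" / "__init__.py").write_text("# constructed stand-in\n")
    (runtime_dir / "start.py").write_text("# constructed stand-in, not the real downloader\n")
    # Constructed placeholder payload, padded so the size heuristic also fires.
    (runtime_dir / "router_runtime.js").write_bytes(b"//" + b"x" * LARGE_JS_BYTES)
    return root


if __name__ == "__main__":
    freeze = ["torch==2.3.0", "lightning==2.6.2  # constructed sample", "numpy==1.26.4"]
    print("compromised pins:", compromised_pins(freeze))
    print("installed lightning compromised:", installed_lightning_is_compromised())
    for finding in scan_site_packages(build_constructed_sample()):
        print("FINDING:", finding)
```

In practice you would feed `pip freeze` output from each CI runner and developer machine into `compromised_pins`, and point `scan_site_packages` at every site-packages directory (`python -c "import site; print(site.getsitepackages())"`) rather than at the constructed sample. A hit on any indicator means the environment is treated as fully compromised and the credential rotation from the mitigation steps applies.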

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or currency of this information.
