PyTorch Lightning and Intercom-client Compromised in Supply Chain Attacks Targeting Credential Theft
In a significant cybersecurity breach, threat actors have compromised the widely used Python package Lightning, releasing two malicious versions aimed at credential theft. This incident underscores the ongoing vulnerabilities within software supply chains, further complicating the security landscape for developers and organizations alike.
Details of the Attack
On April 30, 2026, malicious versions 2.6.2 and 2.6.3 of the Lightning package were published, marking a continuation of the Mini Shai-Hulud supply chain incident that previously targeted SAP-related npm packages. Security firms including Aikido Security, OX Security, Socket, and StepSecurity have confirmed the malicious nature of these versions.
As of now, the Python Package Index (PyPI) administrators have quarantined the compromised project. Lightning, an open-source framework designed to provide a high-level interface for PyTorch, boasts over 31,100 stars on GitHub, making it a significant target for attackers.
Technical Mechanism of the Attack
The malicious package contains a hidden _runtime directory that includes a downloader and an obfuscated JavaScript payload. This execution chain activates automatically upon importing the Lightning module, eliminating the need for any additional user actions post-installation.
The attack initiates with a Python script named start.py, which downloads and executes the Bun JavaScript runtime. This process subsequently runs an 11MB obfuscated payload named router_runtime.js, designed to facilitate extensive credential theft.
Among the stolen credentials, GitHub tokens are validated against the api.github.com/user endpoint. Once validated, these tokens are used to inject a worm-like payload into up to 50 branches across repositories where the token has write access.
Propagation and Impact
The operation is characterized as an “upsert,” meaning it creates new files and silently overwrites existing ones without pre-checks for existing content. Each compromised commit is authored under a hardcoded identity that impersonates Anthropic’s Claude Code.
Additionally, the malware employs an npm-based propagation vector that alters local npm packages. By modifying the package.json file with a postinstall hook, it invokes the malicious payload, increases the patch version number, and repacks the .tgz tarballs. If an unsuspecting developer publishes these tampered packages, the malware can spread to downstream user systems.
Response and Mitigation
The maintainers of the Lightning project have acknowledged the issue and are actively investigating the breach. While the exact method of compromise remains unclear, indications suggest that the project’s GitHub account may have been compromised. A separate advisory from Lightning confirms that the affected versions introduced functionality consistent with a credential harvesting mechanism.
In light of this incident, developers are advised to block Lightning versions 2.6.2 and 2.6.3 and remove them from their systems if already installed. Downgrading to the last known clean version, 2.6.1, is also recommended, along with rotating any credentials that may have been exposed.
Broader Implications
This supply chain attack adds to a growing list of compromises attributed to a threat actor known as TeamPCP. Following the suspension of its account on X for violating platform rules, TeamPCP has launched an onion website on the dark web. The group has also claimed a partnership with LAPSUS$, emphasizing its involvement in various operations.
The attack on Lightning is not an isolated incident. Version 7.0.4 of the intercom-client npm package has also been compromised as part of the Mini Shai-Hulud campaign. This incident follows a similar approach to the SAP packages, utilizing a preinstall hook to execute credential-stealing malware.
The overlap between these incidents is notable, as the SAP CAP campaign has been linked to TeamPCP activity. Shared technical details, including distinctive payload implementation patterns and GitHub-based exfiltration, highlight the evolving tactics employed by threat actors.
Conclusion
As software supply chain attacks continue to proliferate, the cybersecurity community must remain vigilant. The incidents involving Lightning and intercom-client serve as stark reminders of the vulnerabilities inherent in widely-used packages. Organizations must prioritize security measures, including regular audits of dependencies and prompt responses to emerging threats.
For further insights into the evolving landscape of cybersecurity, visit The Hacker News.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
