PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Published: (April 30, 2026 at 12:31 PM EDT)

Source: The Hacker News

Compromise Details

Ravie Lakshmanan
Apr 30 2026 – Supply Chain Attack / Malware


In yet another software supply‑chain attack, threat actors have compromised the popular Python package Lightning and published two malicious versions that steal credentials from the systems on which they are installed.

According to Aikido Security, OX Security, Socket, and StepSecurity, the malicious versions are 2.6.2 and 2.6.3, both published on April 30 2026. The campaign is assessed to be an extension of the Mini Shai‑Hulud supply‑chain incident that targeted SAP‑related npm packages earlier that week.

At the time of writing, the project has been quarantined by the administrators of the Python Package Index (PyPI). Lightning (PyTorch Lightning) is an open‑source Python framework that provides a high‑level interface for PyTorch; the project has more than 31,100 stars on GitHub.


“The malicious package includes a hidden _runtime directory containing a downloader and an obfuscated JavaScript payload,” Socket said. “The execution chain runs automatically when the lightning module is imported, requiring no additional user action after installation and import.”

The attack chain proceeds as follows:

  1. A Python script (start.py) downloads and executes the Bun JavaScript runtime.
  2. Bun runs an 11 MB obfuscated payload (router_runtime.js) that performs comprehensive credential theft.
  3. Harvested credentials (e.g., GitHub tokens) are validated against api.github.com/user.
  4. Valid tokens are used to inject a worm‑like payload into up to 50 branches of every repository the token can write to.

OX Security diagram

“The operation is an upsert: it creates files that do not yet exist and silently overwrites files that do,” Socket added. “No pre‑check for existing content is performed. Every poisoned commit is authored using a hard‑coded identity designed to impersonate Anthropic’s Claude Code.”

npm‑based propagation vector

The malware also modifies a developer’s local npm packages:

  • Adds a postinstall hook in package.json that invokes the malicious payload.
  • Increments the patch version number.
  • Repacks the .tgz tarballs.

If the compromised developer publishes these tampered packages, they become available on npm, allowing the malware to spread to downstream users.
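The two lists above (the Python import‑time chain and the npm propagation vector) describe indicators a responder can check for locally. The following triage script is an added example written for this page; it is not code from the article, from Socket, or from the Lightning project. It checks whether the installed `lightning` distribution is one of the two versions the article names, sweeps a directory tree for the reported `_runtime/start.py` and `router_runtime.js` files, and lists every `package.json` that carries a `postinstall` hook. The version strings and file names come from the article; the directory layout it runs against, and the hook command in it, are constructed placeholders so the script runs offline.

```python
"""Added triage script (not from the article or the Lightning project).

Checks a machine for the indicators the article reports:
  * an installed `lightning` distribution at one of the two malicious versions,
  * the hidden `_runtime` directory carrying `start.py` / `router_runtime.js`,
  * package.json manifests under a directory that carry a `postinstall` hook,
    the hook the worm adds to a developer's local npm packages.
Version strings and file names are from the article; the sample tree built
by build_sample_tree() is constructed here so the script runs offline.
"""
import json
import os
import tempfile
from importlib import metadata
from pathlib import Path

MALICIOUS_LIGHTNING_VERSIONS = {"2.6.2", "2.6.3"}   # reported by the article
LAST_KNOWN_CLEAN_VERSION = "2.6.1"                  # reported by the article
RUNTIME_DIR = "_runtime"                            # hidden dir reported by Socket
RUNTIME_FILES = {"start.py", "router_runtime.js"}   # downloader + obfuscated payload


def is_malicious_version(version):
    """True for the two versions the article names as malicious."""
    return version.strip() in MALICIOUS_LIGHTNING_VERSIONS


def installed_lightning_status():
    """Return (version, malicious?) for the installed lightning dist, or (None, False)."""
    try:
        version = metadata.version("lightning")
    except metadata.PackageNotFoundError:
        return None, False
    return version, is_malicious_version(version)


def find_runtime_indicators(root):
    """Paths of the reported payload files found inside any `_runtime` dir under root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != RUNTIME_DIR:
            continue
        hits.extend(os.path.join(dirpath, f) for f in filenames if f in RUNTIME_FILES)
    return sorted(hits)


def find_postinstall_hooks(root):
    """(manifest path, command) for every package.json under root with a postinstall hook.

    A postinstall hook is not malicious by itself (native modules use them to
    build), so treat each hit as something to review, not as a verdict."""
    hits = []
    for path in Path(root).rglob("package.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip rather than abort the sweep
        scripts = manifest.get("scripts")
        if isinstance(scripts, dict) and "postinstall" in scripts:
            hits.append((str(path), str(scripts["postinstall"])))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample tree: a tampered site-packages copy of lightning, one npm
    package with an injected postinstall hook, and one clean npm package.
    The hook command is a placeholder, not the real one from the incident."""
    base = Path(base)
    runtime = base / "site-packages" / "lightning" / RUNTIME_DIR
    runtime.mkdir(parents=True)
    (runtime / "start.py").write_text("# constructed placeholder\n")
    (runtime / "router_runtime.js").write_text("// constructed placeholder\n")
    tampered = base / "projects" / "mylib"
    tampered.mkdir(parents=True)
    (tampered / "package.json").write_text(json.dumps({
        "name": "mylib", "version": "1.0.1",
        "scripts": {"postinstall": "node ./_runtime/router_runtime.js"},
    }))
    clean = base / "projects" / "cleanlib"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps({
        "name": "cleanlib", "version": "2.0.0", "scripts": {"test": "jest"},
    }))


def run_sample():
    """Build the constructed tree in a temp dir and return the findings with paths
    relative to it (forward slashes), so the result is deterministic."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)

        def rel(p):
            return Path(p).relative_to(tmp).as_posix()

        return {
            "runtime_hits": [rel(p) for p in find_runtime_indicators(tmp)],
            "postinstall_hooks": [(rel(p), cmd) for p, cmd in find_postinstall_hooks(tmp)],
        }


if __name__ == "__main__":
    version, bad = installed_lightning_status()
    flag = f"  <-- MALICIOUS, downgrade to {LAST_KNOWN_CLEAN_VERSION}" if bad else ""
    print(f"installed lightning: {version or 'not installed'}{flag}")
    for key, value in run_sample().items():
        print(key, value)
```

On a real host, point `find_runtime_indicators` at each entry of `site.getsitepackages()` (and any virtualenvs) and `find_postinstall_hooks` at your checkout and npm cache directories rather than at the constructed tree. Every postinstall hit still needs a human look, since legitimate native modules use the same hook; the `_runtime` file names are the stronger signal. Any hit on either should be followed by the credential rotation the article recommends, not just by removing the files.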


The maintainers have acknowledged the issue and are actively investigating. It appears the project’s GitHub account may have been compromised.

In a separate advisory, Lightning confirmed that the affected versions introduced functionality consistent with a credential‑harvesting mechanism and that the investigation is ongoing.

Recommendations

  • Block Lightning versions 2.6.2 and 2.6.3.
  • Remove them from developer systems if already installed.
  • Downgrade to the last known clean version, 2.6.1.
  • Rotate any credentials that may have been exposed.



The supply chain attack is the latest addition to a long list of compromises carried out by a threat actor known as **TeamPCP**, which has now launched an onion website on the dark web after its account was [suspended from X](https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html) for violating the platform's rules.

TeamPCP also called **LAPSUS$** a “good partner of ours and has been involved heavily throughout this entire operation.” The group emphasized that it has “never used VECT encryption tools and we own CipherForce, our own private locker,” following a [report from Check Point Research](https://thehackernews.com/2026/04/vect-20-ransomware-irreversibly.html) about vulnerabilities discovered in the ransomware’s encryption process.

#### Intercom npm Package Compromised as Part of Mini Shai‑Hulud

In a related development, it has emerged that version **7.0.4** of the **intercom‑client** npm package has been compromised as part of the Mini Shai‑Hulud campaign, following a similar modus operandi as that of the [SAP packages](https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html) to trigger the execution of credential‑stealing malware using a pre‑install hook.

> “The overlap is significant because the SAP CAP campaign was linked to TeamPCP activity based on shared technical details, including distinctive payload implementation patterns, GitHub‑based exfiltration, credential harvesting across developer and CI/CD environments, and similarities to prior attacks affecting Checkmarx, Bitwarden, Telnyx, LiteLLM, and Aqua Security Trivy,” **Socket** said.  
> Source: [Socket blog – Intercom’s npm package compromised in supply‑chain attack](https://socket.dev/blog/intercom-s-npm-package-compromised-in-supply-chain-attack)
