Backdoored PyTorch Lightning package drops credential stealer

Staff Editor 2026-05-23
Backdoored PyTorch Lightning package drops credential stealer

Backdoored PyTorch Lightning package drops credential stealer

https://www.bleepingcomputer.com/news/security/backdoored-pytorch-lightning-package-drops-credential-stealer/

Publish Date: 2026-05-04 13:15:27

Source Domain: www.bleepingcomputer.com

Summary of the Article:

A supply-chain attack targeted PyTorch Lightning, a popular deep learning framework used for AI model development, due to a malicious version 2.6.3 published on the Python Package Index (PyPI) on April 30. This version concealed a hidden execution chain that automatically activates on import, silently creating a background process which downloads and executes an obfuscated JavaScript payload from GitHub. The malicious JavaScript payload, detected by Microsoft’s Defender as “ShaiWorm,” is a sophisticated information-stealing malware designed to plunder credentials, secrets, and API keys stored within.env files, popular browsers, and cloud services like AWS, Azure, and GCP. Although Microsoft’s telemetry suggests a limited impact, Lightning AI cautions users who imported the malicious version to immediately rotate their secrets. The PyTorch Lightning package has since been rolled back to version 2.6.1, which is safe, and additional security audits are ongoing to ensure no other releases are compromised.

Key Points:

  • Malicious PyTorch Lightning Version: A malicious version 2.6.3 released via PyPI included an execution chain for a JavaScript payload that steals credentials and secrets.
  • Auto Execution Threat: This payload automatically activates upon importing the package, posing significant security risks.
  • ShaiWorm Detection: Microsoft’s Defender detected and blocked the payload, naming it “ShaiWorm,” which targets key files across browsers and cloud services.
  • Advisory & Recommendations: Users who ran ‘import lightning’ with version 2.6.3 are advised to rotate their secrets immediately due to potential compromise.
  • Investigation Ongoing: PyTorch Lightning’s maintainers are investigating the exact breach method of the build/release pipeline and examining other recent releases for similar threats.

More Stories

Experts say we should use passkeys, but can a smartphone PIN really be safer than a password? | Life and style

Experts say we should use passkeys, but can a smartphone PIN really be safer than a password? | Life and style

Staff Editor 2026-06-07
The Mythos Race: Trump’s New EO and Glasswing’s Expansion

The Mythos Race: Trump’s New EO and Glasswing’s Expansion

Staff Editor 2026-06-07
Intech to Perform OT Cybersecurity Assessment for Middle East Liquid Terminal Operator – News and Statistics

Intech to Perform OT Cybersecurity Assessment for Middle East Liquid Terminal Operator – News and Statistics

Staff Editor 2026-06-07

You may have missed

iPod/iPhone Father on AI, Taste, and Creativity

iPod/iPhone Father on AI, Taste, and Creativity

Staff Editor 2026-06-07
Experts say we should use passkeys, but can a smartphone PIN really be safer than a password? | Life and style

Experts say we should use passkeys, but can a smartphone PIN really be safer than a password? | Life and style

Staff Editor 2026-06-07
DATALAND IS HERE TO PUT THE ART IN ARTIFICIAL INTELLIGENCE | Los Angeles Times – newspaper

DATALAND IS HERE TO PUT THE ART IN ARTIFICIAL INTELLIGENCE | Los Angeles Times – newspaper

Staff Editor 2026-06-07
Goya closes the door to artificial intelligence in music

Goya closes the door to artificial intelligence in music

Staff Editor 2026-06-07
China powers green computing hub, smart factories amid AI push

China powers green computing hub, smart factories amid AI push

Staff Editor 2026-06-07

Terms and Conditions - Privacy Policy