Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

A Hidden Backdoor in Deep Learning: The PyTorch Lightning Credential Stealer


PyTorch Lightning, a popular deep learning framework used for pretraining and fine-tuning AI models, has been hit by a supply-chain attack: version 2.6.3 of the package on PyPI carries a hidden execution chain that drops an information stealer on any machine that imports it. The payload is detected as "ShaiWorm" and targets .env files, API keys, secrets, GitHub tokens, and data stored in popular browsers.

  • PyTorch Lightning version 2.6.3 contains a hidden backdoor that lets attackers steal sensitive credentials.
  • The backdoor drops an information stealer, detected as "ShaiWorm," that targets .env files, API keys, GitHub tokens, and browser-stored data.
  • The payload is heavily obfuscated but contains credential-stealing functionality and arbitrary system command execution.
  • The attack appears to have been contained to a small number of devices, but it shows that the newest release of a dependency is not automatically the safest one: pinning and verifying packages matters more than upgrading quickly.
  • The package on PyPI has been reverted to version 2.6.1, which is considered safe to use, while the maintainers investigate the compromise.



    PyTorch Lightning is one of the most widely used deep learning frameworks for pretraining and fine-tuning AI models, which is exactly what made it an attractive target. A recent supply-chain attack on the framework's release channel planted a hidden backdoor that allows attackers to steal sensitive credentials from the developers and training hosts that install it.

    According to a security advisory published by the project's maintainers, version 2.6.3 of the package contains a hidden execution chain that silently downloads and executes a JavaScript payload. This payload, which is detected as "ShaiWorm," is an information-stealing malware that targets .env files, API keys, secrets, GitHub tokens, and data stored in Chrome, Firefox, and Brave browsers.

    The malicious execution chain triggers automatically on import of the package and spawns a background process that downloads a JavaScript runtime from GitHub (the Snyk write-up linked below identifies it as Bun) and uses it to execute the payload. The payload itself is heavily obfuscated but contains credential-stealing functionality that targets cloud providers, browsers, and environment files. It also supports arbitrary system command execution, so the foothold is useful to the attacker for more than credential theft.
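    The trait described above, code that spawns a process and reaches out to the network the moment the module is imported, can be hunted for statically before a package is ever imported. The following is an added example and is not code from the article, the advisory, or the Lightning project: it parses each module with Python's ast module and reports process-spawning or URL-fetching calls that are reachable at import time (module level, class bodies, decorators, and if/try/with blocks, but not function bodies), together with GitHub download literals nearby. The call lists are this example's own choices, and the two sample modules it scans are constructed for the demonstration; no indicator from the real payload is used.

```python
"""Heuristic scanner for code that spawns a process or fetches a URL at import time.
Added example for this article; not code from the page, the advisory or the Lightning
project. Call lists are this example's choices; sample modules are constructed."""
import ast
import tempfile
from pathlib import Path

SPAWN = {"subprocess.Popen", "subprocess.run", "subprocess.call", "subprocess.check_call",
         "subprocess.check_output", "os.system", "os.popen", "os.execv", "os.execvp"}
FETCH = {"urllib.request.urlopen", "urllib.request.urlretrieve", "requests.get", "httpx.get"}
MARKERS = ("github.com", "githubusercontent.com")   # download hosts of the kind described


def _dotted(node):
    """Callee as 'a.b.c' for a Name/Attribute chain, else None (call on a call result)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None


class ImportTimeVisitor(ast.NodeVisitor):
    """Visit only code executed while the module loads: function bodies are skipped
    (they run when called); class bodies, decorators and if/try/with blocks are not."""
    def __init__(self):
        self.aliases = {}    # local name -> fully qualified name, from import statements
        self.findings = []   # (kind, qualified name or string literal, line number)
    def visit_Import(self, node):
        for a in node.names:                  # 'import subprocess as sp', 'import urllib.request'
            top = a.name.split(".")[0]
            self.aliases[a.asname or top] = a.name if a.asname else top
    def visit_ImportFrom(self, node):         # 'from subprocess import Popen as P'
        for a in node.names:
            self.aliases[a.asname or a.name] = f"{node.module or ''}.{a.name}"
    def _resolve(self, name):
        head, _, rest = name.partition(".")
        full = self.aliases.get(head, head)
        return f"{full}.{rest}" if rest else full
    def visit_FunctionDef(self, node):
        for dec in node.decorator_list:       # decorators are evaluated at import time
            self.visit(dec)
    visit_AsyncFunctionDef = visit_FunctionDef
    def visit_Call(self, node):
        full = self._resolve(_dotted(node.func) or "")
        if full in SPAWN:
            self.findings.append(("spawn", full, node.lineno))
        elif full in FETCH:
            self.findings.append(("fetch", full, node.lineno))
        self.generic_visit(node)              # calls nested inside the arguments
    def visit_Constant(self, node):
        if isinstance(node.value, str) and any(m in node.value for m in MARKERS):
            self.findings.append(("marker", node.value, node.lineno))


def scan_source(src, filename="<string>"):
    """Import-time findings for one module's source text."""
    visitor = ImportTimeVisitor()
    visitor.visit(ast.parse(src, filename=filename))
    return visitor.findings


def is_suspicious(findings):
    """Flag only if something executes or fetches at import; a URL literal alone is not enough."""
    return any(kind in ("spawn", "fetch") for kind, _, _ in findings)


def scan_tree(root):
    """Scan every .py below root (site-packages, an unpacked wheel) -> {relative path: findings}."""
    root, hits = Path(root), {}
    for path in root.rglob("*.py"):
        try:
            findings = scan_source(path.read_text(encoding="utf-8", errors="replace"), str(path))
        except SyntaxError:                   # templates, Python 2 leftovers
            continue
        if is_suspicious(findings):
            hits[path.relative_to(root).as_posix()] = findings
    return hits


# Constructed samples: the first mimics the pattern described (background process spawned
# on import, GitHub download location); the second uses subprocess inside a function only.
SUSPECT_MODULE = '''
import subprocess as sp
RUNTIME_URL = "https://github.com/example/example/releases/download/v0/runtime.zip"  # constructed
try:
    sp.Popen(["sh", "-c", "echo stage0"], stdout=sp.DEVNULL, stderr=sp.DEVNULL)
except Exception:
    pass
'''
BENIGN_MODULE = '''
import subprocess
def run_tool(args):
    return subprocess.run(args, capture_output=True, check=False)
'''


def demo():
    """Write both samples into a temporary package tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, src in (("suspect_pkg", SUSPECT_MODULE), ("benign_pkg", BENIGN_MODULE)):
            (Path(tmp) / name).mkdir()
            (Path(tmp) / name / "__init__.py").write_text(src, encoding="utf-8")
        return scan_tree(tmp)
```

    Point scan_tree at a site-packages directory, or at an unpacked wheel before installing it. It is a triage heuristic, not a verdict: some legitimate packages do spawn a process on import (build helpers, GPU detection), so a hit means read that code, and an obfuscated payload that reaches subprocess through getattr, exec, or a base64-decoded string will need the visitor extended to cover those patterns.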

    The attack appears to have been contained to a narrow set of environments, affecting "a small number of devices." The incident nonetheless cuts against the usual advice to keep everything up to date: the malicious build was the newest release on the official package index, so the people exposed were precisely those whose installs resolved to the latest version. Pinning exact versions, verifying package hashes, and holding back upgrades of widely used packages until a release has been in the wild for a while are the controls that limit this class of exposure.

    The package on PyPI has been reverted to version 2.6.1, which is considered safe to use. The maintainers are investigating how the supply-chain compromise occurred and will audit all recent releases for similar payloads. Anyone who installed or imported 2.6.3 should treat the credentials reachable from that machine (environment files, cloud and GitHub tokens, browser-stored secrets) as exposed and rotate them, since those are exactly what the payload collects.
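    The first question for a team after a revert like this one is which environments and lock files still reference the compromised release. The following is an added example and is not code from the article, the advisory, or the Lightning project: it checks installed distributions and requirements files against the version the advisory names. The PyPI project names lightning and pytorch-lightning and the affected version 2.6.3 are taken from the article; the AFFECTED table is an assumption that should be extended as the maintainers' audit of recent releases reports, and the requirements text and package snapshot it runs on are constructed for the demonstration.

```python
"""Audit installed distributions and requirement files for the compromised release.
Added example for this article; not code from the page, the advisory or the Lightning
project. AFFECTED lists only the release the article names and is an assumption to be
extended as the maintainers' audit of recent releases reports."""
import re
from importlib import metadata

AFFECTED = {"lightning": {"2.6.3"}, "pytorch-lightning": {"2.6.3"}}   # assumption, see above

_COMMENT = re.compile(r"(?:^|\s)#")                                   # '#' at start or after space
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?(.*)$")  # name, [extras], rest
_PIN = re.compile(r"==([0-9][0-9A-Za-z.*+!]*)")                       # exact pin; stops before --hash=


def normalize(name):
    """PEP 503 normalisation: 'Lightning' and 'pytorch_lightning' become 'lightning', 'pytorch-lightning'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_installed(dists=None):
    """{normalised name: version} of affected packages among installed distributions.
    dists is a {name: version} map, e.g. captured on another host with 'pip list --format=json';
    when omitted, the running interpreter's environment is read."""
    if dists is None:
        dists = {}
        for d in metadata.distributions():
            try:
                dists[d.metadata["Name"]] = d.version
            except Exception:                  # broken or partial dist-info directories
                continue
    hits = {}
    for name, version in dists.items():
        norm = normalize(name)
        if norm in AFFECTED and version in AFFECTED[norm]:
            hits[norm] = version
    return hits


def audit_requirements(text):
    """Classify every requirement line that names an affected package.
    Returns [(line number, normalised name, verdict)]: 'affected' (pinned to a bad version),
    'ok' (pinned elsewhere, hash-pinned lines included) or 'unpinned' (a range, URL or bare
    name that a fresh resolve could still satisfy with a bad version)."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = _COMMENT.split(raw)[0].strip()
        if not line or line.startswith("-"):   # blank, -r/-c/-e options, --hash continuations
            continue
        m = _REQ.match(re.sub(r"\s+", "", line))
        if not m or normalize(m.group(1)) not in AFFECTED:
            continue
        name, pin = normalize(m.group(1)), _PIN.match(m.group(3))
        if pin is None:
            verdict = "unpinned"
        elif pin.group(1) in AFFECTED[name]:
            verdict = "affected"
        else:
            verdict = "ok"
        out.append((lineno, name, verdict))
    return out


# Constructed sample, not a real project's lock file.
SAMPLE_REQUIREMENTS = """\
# training stack
torch==2.3.0
lightning==2.6.3                 # pinned to the compromised release
pytorch-lightning>=2.6,<3        # floating: a fresh resolve may pick 2.6.3
Lightning[extra]==2.6.1 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
-r other-requirements.txt
"""

# Constructed 'pip list' snapshot from a hypothetical training host.
SAMPLE_INSTALLED = {"Lightning": "2.6.3", "torch": "2.3.0", "pytorch_lightning": "2.6.1"}


def demo():
    return audit_installed(SAMPLE_INSTALLED), audit_requirements(SAMPLE_REQUIREMENTS)
```

    Run audit_installed() with no argument inside every virtualenv, conda environment, and container image that trains or serves models, and feed each requirements.txt, constraints file, and exported lock file to audit_requirements. The "unpinned" findings are the ones to fix with an exact pin (and, where the tooling supports it, pip's --require-hashes mode), so that a future resolve cannot pick the bad release again.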

    The incident is another round in the cat-and-mouse game between attackers and defenders in software security: as one avenue is closed, another opens, and here the avenue was the trust developers place in a framework's release pipeline and in the package index itself. What it reveals about the state of software security in 2026 is that a routine install of a mainstream AI framework can hand over a developer's cloud, GitHub, and browser credentials without any exploit at all, which makes release-pipeline integrity and the import-time behaviour of dependencies first-class security concerns for anyone building on the AI toolchain.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Hidden-Backdoor-in-Deep-Learning-The-PyTorch-Lightning-Credential-Stealer-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/backdoored-pytorch-lightning-package-drops-credential-stealer/

  • https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/


  • Published: Mon May 4 13:04:54 2026 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.
