
Backdoored PyTorch Lightning package steals credentials

A malicious PyTorch Lightning update delivered a credential-stealing payload via a hidden import-time chain. Misryoum reports what to do next.

A malicious PyTorch Lightning release is making waves in the Python security world after it was found to hide an automatic credential-stealing routine inside the package.

Misryoum reports that the compromised PyTorch Lightning version 2.6.3 was published on PyPI with a hidden execution chain that activates as soon as the library is imported. The payload's behavior is described as silent and backgrounded, helping it slip past cursory checks while it gathers sensitive data.

That chain is reported to download a JavaScript runtime and then run a heavily obfuscated JavaScript file. The malware is designed to target multiple sources of valuable information, including browser-stored data across Chrome, Firefox, and Brave; environment configuration files; and various cloud credential sources.

The targeting goes beyond local files: the payload also includes ways to interact with cloud service APIs and supports arbitrary command execution. In effect, this turns a machine that merely “imports a popular ML library” into a potential staging ground for wider compromise.

Misryoum notes that Lightning AI has recommended that users who imported the affected version rotate secrets and credentials immediately, given the possibility that tokens and keys may already have been accessed.

The immediate operational response is also underway. Misryoum reports that PyTorch Lightning has been reverted to version 2.6.1 on PyPI, which is presented as safe for use. Lightning AI says it is auditing recent releases for similar payloads and investigating how the build or release pipeline was breached in the first place.

For defenders and developers, this is a sharp reminder that supply-chain attacks can ride on everyday developer workflows. When malicious code runs at import time, the risk can surface long before an app makes any explicit “security decision,” meaning early detection and dependency hygiene become crucial.
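Because the reported payload runs at import time, a check for the affected release should not import the package. The sketch below is an added example, not code from Misryoum or Lightning AI: it reads exact pins in a requirements file and installed-package metadata instead. The distribution name `pytorch-lightning` is an assumption, since the article names only "PyTorch Lightning", and the sample requirements text is constructed.

```python
import re
from importlib import metadata

# Assumption: the PyPI distribution name is "pytorch-lightning"; the article
# names only "PyTorch Lightning". The affected version is the one it reports.
AFFECTED = {"pytorch-lightning": {"2.6.3"}}
# Name, optional [extras], then an exact pin (== or ===) and the version.
PIN = re.compile(r"^\s*([A-Za-z0-9][\w.-]*)\s*(?:\[[^\]]*\])?\s*===?\s*([^\s;#\\,]+)")


def normalize(name):
    """PEP 503 normalization: runs of '-', '_' and '.' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def affected_pins(text):
    """Return (line_no, name, version) for exact pins of an affected release."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if m and m.group(2) in AFFECTED.get(normalize(m.group(1)), ()):
            hits.append((no, normalize(m.group(1)), m.group(2)))
    return hits


def affected_installed():
    """Read installed distributions' metadata only; nothing is imported."""
    hits = []
    for dist in metadata.distributions():
        md = dist.metadata
        name = normalize(md.get("Name", ""))
        if md.get("Version") in AFFECTED.get(name, ()):
            hits.append((name, md.get("Version")))
    return hits


# Constructed sample requirements file (not taken from the article).
SAMPLE = """\
torch==2.4.0
pytorch_lightning==2.6.3 \\
    --hash=sha256:<placeholder>
PyTorch.Lightning[extra] == 2.6.1  # the reverted release
pytorch-lightning>=2.6  # a range, not an exact pin
"""

if __name__ == "__main__":
    print("pinned:", affected_pins(SAMPLE))
    print("installed:", affected_installed())
```

Range specifiers such as `>=2.6` are not flagged here because they do not say which release was actually resolved; the installed-metadata check covers that case.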

Misryoum will continue to monitor how the investigation evolves, especially around what allowed the malicious version to ship and whether additional packages show related behavior.
