A compromised version of the PyTorch Lightning package on PyPI deployed a credential stealer targeting browser data, environment files, and cloud service credentials. The malicious package has since been removed.
Security researchers discovered a backdoored version of PyTorch Lightning on the Python Package Index (PyPI) that automatically executed a credential-stealing payload upon installation.
The malicious package targeted sensitive data across multiple attack surfaces: browser credential stores, local environment files containing API keys and tokens, and cloud service authentication data. This broad approach maximizes the value of compromised systems for attackers.
PyTorch Lightning is a popular machine learning framework used by thousands of developers. The compromise demonstrates the ongoing risk posed by supply chain attacks targeting open-source package repositories. Attackers can reach large numbers of developers by poisoning widely-used dependencies.
Impact and Response
The affected package was identified and removed from PyPI. Security teams from JFrog and other organizations analyzed the malware, confirming its credential-stealing functionality. Developers who installed the backdoored version face potential exposure of sensitive authentication material.
PyPI and the broader open-source community have implemented various countermeasures against such attacks, including package verification systems and automated malware scanning. However, sophisticated attacks can still evade detection during initial publication.
Recommendations
Developers should review installation logs to determine if they downloaded the compromised version. Any systems that installed the malicious package should be treated as potentially compromised—credentials stored in browsers, environment files, and cloud services should be rotated immediately.
Organizations should implement dependency scanning tools that monitor package repositories for malicious or suspicious updates. Maintaining an inventory of dependencies and their versions enables faster response to supply chain incidents.
The incident underscores the importance of securing development environments with the same rigor applied to production systems, as compromised developer machines can serve as entry points for broader infrastructure attacks.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.