Threat actors compromised the PyTorch Lightning package on PyPI and pushed malicious versions 2.6.2 and 2.6.3 that auto-execute on import to deploy a Bun runtime and an obfuscated JavaScript payload for credential theft. The campaign validates and abuses stolen GitHub tokens to inject worm-like commits (impersonating Anthropic’s Claude Code), leverages an npm postinstall propagation vector, and is linked to the Mini Shai-Hulud activity attributed to TeamPCP. #PyTorchLightning #TeamPCP
Key points
- Malicious PyPI releases 2.6.2 and 2.6.3 of PyTorch Lightning were published on April 30, 2026.
- The package auto-executes on import to download Bun and run an 11MB obfuscated JavaScript payload that harvests credentials.
- Harvested GitHub tokens are validated and used to inject worm-like commits across up to 50 branches, authored to impersonate Anthropic’s Claude Code.
- An npm postinstall hook modifies local packages and repacks .tgz files to propagate the malware if affected developers publish them.
- PyPI quarantined the project; users should block versions 2.6.2/2.6.3, downgrade to 2.6.1, remove infected installs, and rotate exposed credentials.
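As an added example (not code from the article or from the PyTorch Lightning project), the helper below applies the mitigation in the last point: it scans requirement files for exact pins of the two malicious releases, checks the running interpreter's installed version, and emits pip constraints lines that forbid them. The PyPI distribution name `pytorch-lightning` is an assumption, as is the sample requirements text.

```python
"""Flag the compromised PyTorch Lightning releases in requirement files
and in the local environment, and produce pip constraints that block them."""
import re
from importlib import metadata

# Releases reported as malicious on PyPI; 2.6.1 is the last clean one.
MALICIOUS_VERSIONS = {"2.6.2", "2.6.3"}
SAFE_VERSION = "2.6.1"
# Assumption: the affected distribution is published as "pytorch-lightning".
WATCHED_DIST = "pytorch-lightning"

# Exact pins only ("==" / "==="); range specifiers such as ">=2.6" can still
# resolve to a bad release, which is what constraints_block() is for.
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(===|==)\s*([^\s;#]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: 'PyTorch_Lightning' -> 'pytorch-lightning'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_pinned_malicious(requirements_text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, dist, version) for every exact pin of a bad release."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        m = _PIN_RE.match(line)
        if not m:
            continue
        dist, version = normalize(m.group(1)), m.group(3)
        if dist == WATCHED_DIST and version in MALICIOUS_VERSIONS:
            hits.append((lineno, dist, version))
    return hits


def installed_malicious() -> list[tuple[str, str]]:
    """Check site-packages of the current interpreter for a bad release."""
    try:
        version = metadata.version(WATCHED_DIST)
    except metadata.PackageNotFoundError:
        return []
    return [(WATCHED_DIST, version)] if version in MALICIOUS_VERSIONS else []


def constraints_block() -> str:
    """Constraints text for `pip install -c constraints.txt ...` that forbids both releases."""
    excl = ",".join(f"!={v}" for v in sorted(MALICIOUS_VERSIONS))
    return f"{WATCHED_DIST}{excl}\n"


if __name__ == "__main__":  # constructed sample requirements, not a real project file
    sample = "torch==2.3.0\npytorch_lightning==2.6.3  # pinned\nlightning-utilities==0.11.0\n"
    print(find_pinned_malicious(sample), installed_malicious(), constraints_block(), sep="\n")
```

Run it against each requirements or lock file in a project; a non-empty result from `installed_malicious()` means the environment should be rebuilt at 2.6.1 and any credentials it held rotated.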
Read More: https://thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html