Backdoored PyTorch Lightning package drops credential stealer

A malicious PyTorch Lightning package (lightning==2.6.3) published on PyPI delivered a credential‑stealing JavaScript payload that executed automatically on import and spawned a background process. Microsoft Defender detected and blocked the payload, which it identifies as ShaiWorm; the package was reverted to 2.6.1, and users who imported the compromised release are advised to rotate all secrets. #ShaiWorm #PyTorchLightning

Keypoints

  • The malicious lightning==2.6.3 package on PyPI executed a hidden chain that ran on import.
  • A background process downloaded Bun v1.3.13 and executed an 11.4 MB obfuscated JavaScript payload (router_runtime.js).
  • Defender identifies the payload as ShaiWorm, which steals .env files, API keys, GitHub tokens, browser data, and cloud credentials.
  • Microsoft telemetry shows the impact was limited to a small number of devices, and Lightning AI reverted the package to version 2.6.1.
  • Maintainers are auditing recent releases and investigating the supply‑chain breach; affected users should rotate all secrets immediately.
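
A post-incident check a defender might run on a developer workstation or CI runner, given as an added example (not code from Lightning AI, Microsoft or the article). It uses only the facts stated above: the backdoored version 2.6.3, the reverted version 2.6.1 and the payload file name router_runtime.js. The article does not say where the payload is written on disk, so the directory sweep is an assumption; point `roots` at the locations you want to inspect, and treat any hit, or the bad version being installed, as a signal to rotate secrets.

```python
"""Check whether a host pulled the backdoored lightning==2.6.3 release.

Added example, not the project's own code. Known-good/known-bad values
come from the article; the on-disk location of router_runtime.js is
NOT stated there, so the sweep roots below are an assumption.
"""
import importlib.metadata
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Optional

MALICIOUS_VERSION = "2.6.3"          # backdoored PyPI release (from the article)
REVERTED_VERSION = "2.6.1"           # version Lightning AI reverted to (from the article)
PAYLOAD_NAME = "router_runtime.js"   # obfuscated JS payload file name (from the article)


def is_affected_version(version: Optional[str]) -> bool:
    """True only for the backdoored release; None (not installed) is not affected."""
    return version is not None and version.strip() == MALICIOUS_VERSION


def installed_lightning_version() -> Optional[str]:
    """Version of the 'lightning' distribution in this interpreter, or None."""
    try:
        return importlib.metadata.version("lightning")
    except importlib.metadata.PackageNotFoundError:
        return None


def find_payload_files(roots: Iterable[str], name: str = PAYLOAD_NAME) -> List[str]:
    """Walk each root and return paths of files whose name matches the payload.

    Assumption: the payload lands somewhere under the swept roots; the
    article gives no path, so choose roots (home dir, temp dir, venvs)
    that fit your environment.
    """
    hits: List[str] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            if name in files:
                hits.append(str(Path(dirpath) / name))
    return sorted(hits)


def assess(version: Optional[str], payload_hits: List[str]) -> Dict[str, object]:
    """Combine both signals into a verdict.

    Either signal on its own is enough to recommend rotating secrets: the
    article advises rotation for anyone who imported the bad release, and
    the payload file on disk means the import-time chain most likely ran.
    """
    bad_version = is_affected_version(version)
    rotate = bad_version or bool(payload_hits)
    return {
        "installed_version": version,
        "bad_version_installed": bad_version,
        "payload_files": payload_hits,
        "rotate_secrets": rotate,
        "action": (
            f"pin lightning=={REVERTED_VERSION} or later safe release and rotate all secrets"
            if rotate else "no indicator found"
        ),
    }


def _constructed_demo_root() -> str:
    """Create a throwaway directory containing a fake router_runtime.js (constructed sample)."""
    root = tempfile.mkdtemp(prefix="lightning-check-")
    fake_dir = Path(root) / "cache"
    fake_dir.mkdir()
    (fake_dir / PAYLOAD_NAME).write_text("// constructed placeholder, not the real payload\n")
    return root


if __name__ == "__main__":
    # Real check against this interpreter plus a constructed sweep root for illustration.
    demo_root = _constructed_demo_root()
    result = assess(installed_lightning_version(), find_payload_files([demo_root]))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it inside each virtual environment that may have installed the package, since `importlib.metadata` only sees the interpreter it runs in; a clean result in one venv says nothing about another.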

Read More: https://www.bleepingcomputer.com/news/security/backdoored-pytorch-lightning-package-drops-credential-stealer/